CVE-2006-3608

CVE-2006-3608 · MEDIUM Severity

AV:N/AC:H/AU:S/C:P/I:P/A:P

The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.

Learn more about our User Device Pen Test.