CVE-2006-3676

CVE-2006-3676 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.

Learn more about our Web Application Penetration Testing UK.