CVE-2012-10052
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-08-08
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| egallery | egallery | 1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
EGallery version 1.2 has a vulnerability in the uploadify.php script that allows attackers to upload files without authentication and without validating the file type. This means an attacker can upload malicious PHP files directly into the web-accessible directory, leading to full remote code execution on the web server.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code on your web server remotely, potentially taking full control of the server, accessing sensitive data, defacing the website, or using the server to launch further attacks.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately restrict or disable the uploadify.php script to prevent unauthenticated file uploads. Implement proper authentication and file type validation to ensure only allowed file types can be uploaded. Additionally, restrict write permissions to the egallery/ directory to prevent unauthorized file uploads and consider applying web server security controls to limit execution of uploaded files.