CVE-2012-10052
EGallery 1.2 Arbitrary PHP File Upload
Vexday Risk Score
63Prioridad alta
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.3EPSS 1.4%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Ciclo de vida
08 jul 2012Exploit Metasploit disponible
08 ago 2025Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory. This results in full remote code execution under the web server context.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
EGallery · EGalleryPoCs públicas encontradas — 3
cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/egallery_upload_exec.rbno verificadocve_referencewww.exploit-db.com/exploits/20029no verificadocve_referenceweb.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.htmlno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/egallery_upload_exec.rbhttps://sourceforge.net/projects/e-gallery/https://www.exploit-db.com/exploits/20029https://www.vulncheck.com/advisories/egallery-arbitrary-php-file-uploadhttp://web.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html