CVE-2012-10052

N/A Unknown

Published: August 08, 2025 Modified: April 15, 2026

Description

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory. This results in full remote code execution under the web server context.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://web.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html

Source: disclosure@vulncheck.com

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/egallery_upload_exec.rb

Source: disclosure@vulncheck.com

https://sourceforge.net/projects/e-gallery/

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/20029

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/egallery-arbitrary-php-file-upload

Source: disclosure@vulncheck.com

http://web.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/egallery_upload_exec.rb

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

https://www.exploit-db.com/exploits/20029

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

8 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

72.5%

99th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-434

Related CVEs

CVE-2026-7679 7.3

CVE-2026-7678 6.3

CVE-2026-7677 3.5

CVE-2026-7676 4.3

CVE-2026-7675 8.8