{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2012-10052", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-08-08T16:21:16.764Z", "datePublished": "2025-08-08T18:10:46.550Z", "dateUpdated": "2026-04-07T14:02:46.161Z" }, "containers": { "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "/egallery/uploadify.php" ], "product": "EGallery", "vendor": "EGallery", "versions": [ { "status": "affected", "version": "1.2" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Sammy FORGIT" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory. This results in full remote code execution under the web server context." } ], "value": "EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory. This results in full remote code execution under the web server context." } ], "impacts": [ { "capecId": "CAPEC-242", "descriptions": [ { "lang": "en", "value": "CAPEC-242 Code Injection" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:02:46.161Z" }, "references": [ { "tags": [ "exploit" ], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/egallery_upload_exec.rb" }, { "tags": [ "exploit" ], "url": "https://www.exploit-db.com/exploits/20029" }, { "tags": [ "technical-description", "exploit" ], "url": "http://web.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html" }, { "tags": [ "product" ], "url": "https://sourceforge.net/projects/e-gallery/" }, { "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/egallery-arbitrary-php-file-upload" } ], "source": { "discovery": "UNKNOWN" }, "tags": [ "unsupported-when-assigned" ], "title": "EGallery 1.2 Arbitrary PHP File Upload", "x_generator": { "engine": "Vulnogram 0.2.0" }, "datePublic": "2012-07-23T00:00:00.000Z" }, "adp": [ { "references": [ { "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/egallery_upload_exec.rb", "tags": [ "exploit" ] }, { "url": "https://www.exploit-db.com/exploits/20029", "tags": [ "exploit" ] }, { "url": "http://web.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html", "tags": [ "exploit" ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-08-08T18:55:03.432887Z", "id": "CVE-2012-10052", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-08T18:55:06.700Z" } } ] } }