Russcom PHPImages lack of validation

Discovered by: Nomenumbra

Date: 21/5/2006

impact:moderate

Russcom's PHPImages doesn't validate if the uploaded

file is an image, it just checks for the extension, thus

allowing an attacker to upload php scripts with a .gif extension

for example, potentially allowing him (trough file inclusion vulns for

example) to execute arbitrary code.

Nomenumbra