What is CVE-2012-10052?

CVE-2012-10052 is a vulnerability in Egallery, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-08.

Is CVE-2012-10052 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Egallery

CVE-2012-10052

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP fil…

Vulnerability class: Unrestricted File Upload

EPSS: 0.816 (99.2th percentile) — read the EPSS interpretation.

Affected products

Egallery — versions 1.2

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/20029 (exploit)
web.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery… (technical-description, exploit)
sourceforge.net/projects/e-gallery/ (product)
www.vulncheck.com/advisories/egallery-arbitrary-php-file-upload (third-party-advisory)

Frequently asked questions

What is CVE-2012-10052?: CVE-2012-10052 is a vulnerability in Egallery, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-08.
Is CVE-2012-10052 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.