mirror of
https://github.com/Pathduck/gallery3.git
synced 2026-05-22 12:29:11 -04:00
0a66ef9cc7
If you can change the extension, then you can alter the way the server handles the file, which is a security problem. So for example, you can change a .JPG to a .PHP and then if you put some malicious PHP code in the EXIF data, you can get the server to execute it. Vulnerability is low because only users who have edit permissions could do this. Fixes ticket #846