Cyber Posture

CVE-2025-70457

Critical · Public PoC

Published: 23 January 2026
Modified: 30 January 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0029 (52.1st percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
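The following PHP is an added illustration of the flaw class described above and is not code from the Modern Image Gallery App or from the advisory. The function and constant names (handle_upload_vulnerable, handle_upload_hardened, UPLOAD_DIR) are hypothetical. The vulnerable handler mirrors the two behaviours the description attributes to upload.php: it trusts the MIME type the client sends and it keeps the client-supplied extension. The hardened handler beside it ignores both, sniffs the actual bytes, derives the extension from the detected type, re-encodes the image, and stores it under a server-generated name.

```php
<?php
// Added example, not part of the Modern Image Gallery App source.
// UPLOAD_DIR and the two handler names are hypothetical.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';

// VULNERABLE (CWE-434): $_FILES[...]['type'] is copied straight from the
// Content-Type header of the multipart part, so the attacker chooses it.
// The original filename is kept, so "shell.php" sent with
// Content-Type: image/jpeg is saved as shell.php under the web root.
function handle_upload_vulnerable(array $file): string
{
    $allowed = ['image/jpeg', 'image/png', 'image/gif'];
    if (!in_array($file['type'], $allowed, true)) {
        throw new RuntimeException('Only images are allowed');
    }
    $dest = UPLOAD_DIR . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// HARDENED: nothing the client asserts about the file is trusted.
function handle_upload_hardened(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > 5 * 1024 * 1024) {
        throw new RuntimeException('File too large');
    }

    // 1. Sniff the real content with libmagic; ignore the Content-Type header.
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($file['tmp_name']);

    // 2. Extension is derived from the detected type, never from the client.
    $extByType = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (!isset($extByType[$detected])) {
        throw new RuntimeException('Unsupported file content');
    }

    // 3. The image decoder must agree with libmagic; this rejects files that
    //    only carry a plausible magic number in front of PHP code.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $detected) {
        throw new RuntimeException('Not a valid image');
    }

    // 4. Re-encode through GD so a payload hidden in EXIF, comments or
    //    trailing bytes of an otherwise valid image is discarded.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('Image could not be decoded');
    }

    // 5. Server-chosen filename; the original name never reaches the path.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $extByType[$detected];
    $ok = match ($detected) {
        'image/jpeg' => imagejpeg($img, $dest, 90),
        'image/png'  => imagepng($img, $dest),
        'image/gif'  => imagegif($img, $dest),
    };
    if (!$ok) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644);
    return $dest;
}
```

The re-encoding step is what defeats polyglot uploads that pass both the sniff and the decoder check; its cost is that animated GIFs are flattened to a single frame. Independently of the handler, the upload directory should be served with script execution disabled (for example, a web-server rule that refuses to hand .php files in that tree to the interpreter), so that a future validation bypass yields a stored file rather than code execution.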

Mitigating Controls (NIST 800-53 r5) [AI]

prevent · Directly requires validation of uploaded file contents and types to prevent acceptance of malicious PHP code spoofed as images.

prevent · Mandates identification, reporting, and correction of the specific flaw in upload.php enabling unrestricted file uploads with dangerous extensions.

prevent, detect · Implements malicious code protection to scan and block uploaded PHP shells before execution or detect them during processing.

Security Summary [AI]

CVE-2025-70457 is a Remote Code Execution (RCE) vulnerability in Sourcecodester Modern Image Gallery App v1.0, specifically within the gallery/upload.php component. The application does not validate the contents of uploaded files and preserves the user-supplied file extension when saving them, so an attacker can upload arbitrary PHP code simply by declaring an image MIME type for the upload. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.

An unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. By uploading a PHP file disguised with an image MIME type and then requesting it from the web root, the attacker executes code on the server and can proceed to full system compromise.

Mitigation details are available in the GitHub Security Advisory GHSA-8xq6-hjhw-4983 at https://github.com/ismaildawoodjee/vulnerability-research/security/advisories/GHSA-8xq6-hjhw-4983. The application's source code can be reviewed or patched from https://www.sourcecodester.com/php/18572/modern-image-gallery-app-using-php-and-mysql-source-code.html.

Details

CWE(s)

CWE-434 Unrestricted Upload of File with Dangerous Type

Affected Products

remyandrade · modern image gallery app · 1.0

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows unauthenticated remote code execution via unrestricted file upload to a public-facing web application, directly mapping to Exploit Public-Facing Application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
