CVE-2006-3676

Name: CVE-2006-3676
Creator: NVD / NIST
Published: 2006-07-24T12:19:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.70%

Last modified Jun 16, 2026

CVE-2006-3676 is a vulnerability of currently unknown severity. admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.. EPSS estimates a 1.70% chance of exploitation in the next 30 days.

Description

admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.

Metrics

EPSS Probability

1.70%

74.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Planet Concept	Planetgallery	<= 2006-05-22

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0434.html
http://secunia.com/advisories/21099Exploit, Patch, Vendor Advisory
http://securityreason.com/securityalert/1268
http://www.osvdb.org/27417
http://www.redteam-pentesting.de/advisories/rt-sa-2006-006.txtExploit, Vendor Advisory
http://www.securityfocus.com/archive/1/440643/100/0/threaded
http://www.securityfocus.com/bid/19091Exploit, Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/27858
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0434.html
http://secunia.com/advisories/21099Exploit, Patch, Vendor Advisory
http://securityreason.com/securityalert/1268
http://www.osvdb.org/27417
http://www.redteam-pentesting.de/advisories/rt-sa-2006-006.txtExploit, Vendor Advisory
http://www.securityfocus.com/archive/1/440643/100/0/threaded
http://www.securityfocus.com/bid/19091Exploit, Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/27858

Timeline

Published: Jul 24, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3676?

How severe is CVE-2006-3676?

Severity scoring for CVE-2006-3676 is pending analysis. The EPSS model estimates a 1.70% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3676?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3676?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST