Gallery Arbitrary File Upload Vulnerability

Posted on Tuesday, January 25, 2011 @ 02:32:58 PST in Security
by Raven

SECUNIA ADVISORY ID: SA43028

VERIFY ADVISORY: http://secunia.com/advisories/43028/

RELEASE DATE: 2011-01-25

CRITICALITY: Moderately Critical

DESCRIPTION: A vulnerability has been reported in Gallery, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused by the application incorrectly validating the extension of an uploaded file. This can be exploited to, for example, upload and execute arbitrary PHP files. Successful exploitation requires upload privileges. The vulnerability is reported in versions prior to 3.0.1.

SOLUTION: Update to version 3.0.1 or apply vendor-supplied patches.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Kriss Andsten.

ORIGINAL ADVISORY: Gallery: http://gallery.menalto.com/gallery_3.0.1_released
 
 