| VID |
21480 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Gallery software appears to be affected by multiple remote vulnerabilities. Bharat Mediratta Gallery is a Web-based software product that lets you manage photos on any Web site that offers PHP support. Gallery versions 1.3.4-pl1, 1.4.4-pl2, and 2.0 Alpha are vulnerable to multiple cross-site scripting and information disclosure vulnerabilities as follows:
- Multiple cross-site scripting vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.
- Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
- Cross-site scripting vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.
- In Gallery 2.0 Alpha, it is reported that under some circumstances Gallery may return an error message that contains the installation path of the vulnerable Gallery installation.
* References:
  - http://packetstormsecurity.nl/0501-exploits/Gallery134.txt
  - http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html
* Platforms Affected:
  - Bharat Mediratta, Gallery 1.3.4-pl1
  - Bharat Mediratta, Gallery 1.4.4-pl2
  - Bharat Mediratta, Gallery 2.0 Alpha
  - Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Gallery (1.4.4-pl5 or later), available from the Gallery Project Web site at http://gallery.menalto.com/modules.php?op=modload&name=News&file=index |
| Related URL |
CVE-2005-0219,CVE-2005-0220,CVE-2005-0221 (CVE) |
| Related URL |
12286,12292 (SecurityFocus) |
| Related URL |
18938 (ISS) |
|