VID |
21965 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The Gallery software is vulnerable to directory traversal via the 'g2_itemId' parameter. Gallery is a Web-based photo album program written in PHP. Gallery versions prior to 2.0.1 could allow a remote attacker to traverse directories because of improper filtering of user-supplied input passed to the 'g2_itemId' parameter of the 'main.php' script. If the 'display_errors' setting is set to 'on', a remote attacker could exploit this vulnerability to read arbitrary files required by the application and write arbitrary content to files on the affected host.
* References: http://www.securityfocus.com/archive/1/413405 http://gallery.menalto.com/
* Platforms Affected: Bharat Mediratta, Gallery versions prior to 2.0.1; any operating system, any version |
Recommendation |
Upgrade to the latest version of Gallery (2.0.1 or later), available from the Gallery Project Page Web site at http://codex.gallery2.org/Gallery2:Download
As a workaround, disable PHP's 'display_errors' setting. |
Related URL |
CVE-2005-3251 (CVE) |
Related URL |
15108 (SecurityFocus) |
Related URL |
22747 (ISS) |