mcGalleryPRO index.php language Variable Local File Inclusion

2005-12-13T09:33:01
ID OSVDB:21718
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2005-12-13T09:33:01

Description

Vulnerability Description

mcGalleryPRO contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'language' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
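The defect the description names is a request parameter reaching `include` unvalidated. The following PHP is an added illustration, not mcGalleryPRO's source: the function names, the `lang/` directory layout and the language list are assumptions. It shows the unsafe pattern next to an allowlist-based resolver that maps a language code to a fixed file, so neither a `../` path nor a URL can reach the include sink.

```php
<?php
// Added illustration of the flaw class, not code from mcGalleryPRO.
// All names and paths below are hypothetical.

// Unsafe pattern as described in the advisory: the request value is spliced
// into the include path with no validation, so a value such as "../FILE"
// walks out of the language directory (local file inclusion), and with
// allow_url_include enabled the same sink would also accept a remote URL.
function load_language_unsafe(string $language): void
{
    include "lang/" . $language . ".php";
}

// Hardened form: the parameter is only ever used as a key into a fixed
// allowlist, so the include path is chosen by the application, not the user.
const LANGUAGE_FILES = [
    'en' => 'lang/en.php',
    'de' => 'lang/de.php',
    'fr' => 'lang/fr.php',
];

function resolve_language_file(?string $language, string $default = 'en'): string
{
    if ($language === null || !array_key_exists($language, LANGUAGE_FILES)) {
        // Unknown or missing value: fall back to the default instead of
        // trusting any part of the input.
        $language = $default;
    }
    return LANGUAGE_FILES[$language];
}

function load_language_safe(?string $language): void
{
    include resolve_language_file($language);
}

// Usage in the script: load_language_safe($_GET['language'] ?? null);

// Self-check of the resolver on valid and hostile inputs.
assert(resolve_language_file('de') === 'lang/de.php');
assert(resolve_language_file('../FILE') === 'lang/en.php');
assert(resolve_language_file('http://example.invalid/x') === 'lang/en.php');
assert(resolve_language_file(null) === 'lang/en.php');
```

The allowlist is the important part: filtering `../` or `http://` out of the string still leaves the user choosing the path, whereas a lookup table means the only files that can ever be included are the ones the developer listed.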

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

/index.php?language=../FILE

References:

Vendor URL: http://mcgallerypro.com/
Secunia Advisory ID: 18039
Related OSVDB ID: 21720
Related OSVDB ID: 21719
Related OSVDB ID: 21721
Other Advisory URL: http://pridels.blogspot.com/2005/12/mcgallery-pro-vuln.html
FrSIRT Advisory: ADV-2005-2886
CVE-2005-4251
Bugtraq ID: 15845