myGallery Plugin for WordPress mygallerybrowser.php myPath Variable Remote File Inclusion

2007-04-29T11:18:51
ID OSVDB:34356
Type osvdb
Reporter OSVDB
Modified 2007-04-29T11:18:51

Description

Solution Description

Upgrade to version 1.4b5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

[target]/mygallery/myfunctions/mygallerybrowser.php?myPath=Shell

References:

Secunia Advisory ID: 25042
ISS X-Force ID: 33955
Generic Exploit URL: http://www.milw0rm.com/exploits/3814
FrSIRT Advisory: ADV-2007-1582
CVE-2007-2426
Bugtraq ID: 23702