Gallery HTTP Global Variables File Inclusion

2004-01-24T00:00:00
ID OSVDB:3737
Type osvdb
Reporter OSVDB
Modified 2004-01-24T00:00:00

Description

Vulnerability Description

Gallery contains a flaw that may allow a malicious user to remotely execute code on the web server. The issue is caused by a failure to validate variables in HTTP requests. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to version 1.41-pl1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Gallery contains a flaw that may allow a malicious user to remotely execute code on the web server. The issue is caused by a failure to validate variables in HTTP requests. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor Specific Advisory URL Secunia Advisory ID:10712 ISS X-Force ID: 14950 CVE-2004-2124 Bugtraq ID: 9490