3 matches found
Remote execution in My_eGallery
Product: MyeGallery Versions affected: all 3.1.1.g Website: http://lottasophie.sourceforge.net/index.php 1. Introduction --------------- MyeGallery is a very nice PostNuke module, which allows users to create and manipulate their own galleries on the web, plus offers various additional features...
myegallery.txt
Product: MyeGallery Versions affected: all /tmp/cmdtemp 2&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"; $output = obgetcontents; obendclean; printoutput; ? This allows execution of any command on the server with MyeGallery, under the privileges of the Web server usually apache or httpd. 3. Solution...
My_eGallery < 3.1.1g Remote File Inclusion
The remote web server is hosting the 'myegallery' PostNuke module. The installed version is potentially affected by a remote file include vulnerability because the application fails to properly sanitize input to include include statements. An attacker may use this flaw to execute arbitrary code i...