OSVDB ID: 1967

Title: Gallery Remote Arbitrary Code Execution

Dates

Disclosure: Oct 02, 2001
Discovery: Oct 02, 2001
Exploit: Oct 02, 2001
Solution: Unknown

Description

Gallery 1.2 contains a flaw that may allow a malicious user to include arbitrary remote PHP files for execution. The issue is triggered when a malicious user calls an include script and passes in an 'includedir' variable. It is possible that the flaw may allow the execution of arbitrary code resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Unknown or Incomplete

Solution

Upgrade to version 1.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vendor: Bharat Mediratta
Product: Gallery
Versions: 1.1, 1.2

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218