Gallery Arbitrary File Upload Vulnerability

Friday, August 27th, 2004
by Marc Erickson

“aCiDBiTS has reported a vulnerability in Gallery, potentially allowing malicious people to compromise a vulnerable system.

The problem is that “save_photos.php” stores uploaded files in a temporary folder before processing them without checking if they are valid images files. This allows malicious people to upload and execute arbitrary code if the temporary folder is accessible from remote.

This has been reported to affect version 1.4.4. Prior versions may also be affected.

NOTE: This only affects systems where the temporary upload folder has been placed in a non-default and public accessible folder. Temporary folders should never be publicly accessible. It is also required that malicious people or users have upload privileges to an album.

Solution: Version 1.4.4-pl1 is not affected.

Tags

Categories

Security

What Do You Think?

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

Health - Sep 5, 2008

National Guidelines Released For Earwax Removal

Engineers Create Bone That Blends Into Tendons
Thursday, September 4, 2008
Light Shed On Bonobo Language
Thursday, September 4, 2008
Memory Trick Shows Brain Organization
Thursday, September 4, 2008
Antarctic Research Helps Shed Light On Climate Change On Mars
Wednesday, September 3, 2008
Jumping For Joy… And Stronger Bones
Wednesday, September 3, 2008

Health - Sep 2, 2008

Genetic Link To Dry Macular Degeneration Found

What Could Happen To Offshore Drilling If Gustav Hits Gulf
Tuesday, September 2, 2008
Challenges And Prospects For An HIV Vaccine
Tuesday, September 2, 2008
New Giant Clam Species Offers Window Into Human Past
Monday, September 1, 2008
Preschool Age Exercises Can Prevent Dyslexia
Monday, September 1, 2008
Ceramic Material Revs Up Microwaving
Friday, August 29, 2008

Energy, Environment - Aug 27, 2008

Future For Clean Energy Lies In ‘Big Bang’ Of Evolution

The Impact Of Computing On Scientific Advancement
Wednesday, August 27, 2008
Nano-Sized ‘Trojan Horse’ To Aid Nutrition
Tuesday, August 26, 2008
Low-Income? No Car? Expect To Pay More For Groceries
Tuesday, August 26, 2008
New Evidence Debunks ‘Stupid’ Neanderthal Myth
Tuesday, August 26, 2008
Air-Purifying Church Windows Early Nanotechnology
Monday, August 25, 2008

Society - Aug 25, 2008

Research Shows Pollsters How The Undecided Will Vote

‘Can You See Me Now?’ Sign Language Over Cell Phones Comes To United States
Monday, August 25, 2008
One Sleepless Night Increases Dopamine In The Human Brain
Wednesday, August 20, 2008
Local File-Sharing Drastically Cuts Network Load
Wednesday, August 20, 2008
Can Biofuels Be Sustainable?
Wednesday, August 20, 2008
Study Shows The Power Of Mushrooms In Fighting Obesity
Tuesday, August 19, 2008

57 queries / 0.310 seconds.