SECUNIA ADVISORY ID: SA43028
VERIFY ADVISORY: http://secunia.com/advisories/43028/
RELEASE DATE: 2011-01-25
CRITICALITY: Moderately Critical
DESCRIPTION: A vulnerability has been reported in Gallery, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused by the application incorrectly validating the extension of an uploaded file. This can be exploited to, e.g., upload and execute arbitrary PHP files. Successful exploitation requires upload privileges. The vulnerability is reported in versions prior to 3.0.1.
SOLUTION: Update to version 3.0.1 or apply vendor supplied patches.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Kriss Andsten.
ORIGINAL ADVISORY: Gallery: http://gallery.menalto.com/gallery_3.0.1_released
Gallery Arbitrary File Upload Vulnerability
Posted on Tuesday, January 25, 2011 @ 01:32:58 CST in Security
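
The class of flaw described above, as an added example that is neither Gallery's code nor the vendor's patch: a strict upload-extension check next to a weak one. The advisory does not say how Gallery's check failed, so `weak_check` is a constructed stand-in, and the function names, allowlist and script-extension list are assumptions.

```php
<?php
// Added example, not Gallery's code. Names and lists below are assumptions.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];
// Extensions a web server may hand to an interpreter (illustrative list).
const SCRIPT_EXT = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'pht', 'cgi', 'pl'];

// Weak check (constructed): passes if an image extension appears anywhere.
function weak_check(string $name): bool
{
    return (bool) preg_match('/\.(jpe?g|png|gif)/i', $name);
}

// Strict check: returns a server-generated storage name, or null to reject.
function safe_upload_name(string $clientName): ?string
{
    // Reject NUL and other control bytes outright.
    if (preg_match('/[\x00-\x1f\x7f]/', $clientName)) {
        return null;
    }
    // Drop any client-supplied path (both separator styles).
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension, or a dotfile such as ".htaccess"
    }
    // Only the final extension decides, and it must be on the allowlist.
    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Refuse script extensions in any earlier position ("x.php.jpg"),
    // which some multi-extension handler configurations still execute.
    array_shift($parts); // drop the name part
    if (array_intersect($parts, SCRIPT_EXT)) {
        return null;
    }
    // Never store the file under the client's name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample filenames.
$samples = ['holiday.JPG', 'x.jpg.php', 'x.php.jpg', '.htaccess', "a.php\0.jpg", 'notes'];
foreach ($samples as $n) {
    printf("%-18s weak=%-4s strict=%s\n", json_encode($n),
        weak_check($n) ? 'pass' : 'fail',
        safe_upload_name($n) === null ? 'reject' : 'accept');
}
```

Of the samples, only `holiday.JPG` is accepted by the strict check, while the weak check also passes `x.jpg.php`, `x.php.jpg` and the NUL-byte name.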