vendor:
Gallery
by:
SecurityFocus
7.5
CVSS
HIGH
Improper Sanitization of User-Supplied Data
20
CWE
Product Name: Gallery
Affected Version From: 1.3.2001
Affected Version To: 1.4.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:gallery:gallery
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Gallery Remote Access Vulnerability
It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs due to improper simulation of the behaviour of register_globals when the register_globals settings is disabled. It has been reported that register_globals functionality is simulated by extracting the values of the various $HTTP_ global variables into the global namespace. Due to improper sanitization of user-supplied data, an attacker may be able to overwrite the value of 'HTTP_POST_VARS' via the register_global simulation. Arbitrary PHP files may be included via the 'GALLERY_BASEDIR' parameter.
Mitigation:
Ensure that user-supplied data is properly sanitized before being used.
