vendor: Image Gallery
by: SecurityFocus
CVSS: 7.5 (HIGH)
Arbitrary File Upload, Authentication Bypass, Directory Traversal
CWE: 264, 287, 22
Product Name: Image Gallery
Affected Version From: 1.6
Affected Version To: 1.6
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Dacio’s Image Gallery Multiple Remote Vulnerabilities

Dacio's Image Gallery is prone to multiple remote vulnerabilities, including an arbitrary-file-upload vulnerability, an authentication-bypass vulnerability, and a directory-traversal vulnerability. An attacker can exploit these issues to upload and execute arbitrary script code on an affected computer with the privileges of the webserver process, view arbitrary local files, or gain unauthorized access to the affected application.

Mitigation:

Ensure that the application is up to date with the latest version and patch any known vulnerabilities.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/34906/info

Dacio's Image Gallery is prone to multiple remote vulnerabilities:

- An arbitrary-file-upload vulnerability
- An authentication-bypass vulnerability
- A directory-traversal vulnerability

An attacker can exploit these issues to upload and execute arbitrary script code on an affected computer with the privileges of the webserver process, view arbitrary local files, or gain unauthorized access to the affected application.

Dacio's Image Gallery 1.6 is vulnerable; other versions may also be affected.

The following example URI for the directory-traversal vulnerability is available:

http://www.example.com/Dacio_imgGal-v1.6/index.php?gallery=../config.inc%00
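
A defender can look for requests shaped like the example URI above in web server access logs. The following is an added example, not part of the advisory or of the application: it flags `gallery` values that contain a parent-directory segment or a NUL byte, including double-encoded forms. The log lines are constructed samples, and the function names and log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed log format: Apache/nginx "combined"-style request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /Dacio_imgGal-v1.6/index.php?gallery=holiday HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /Dacio_imgGal-v1.6/index.php?gallery=../config.inc%00 HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /Dacio_imgGal-v1.6/index.php?gallery=%252e%252e%252fconfig.inc HTTP/1.1" 200 2048',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def gallery_findings(uri, param="gallery"):
    """Return the reasons the `gallery` value in a request URI looks suspicious."""
    findings = []
    for name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        if name != param:
            continue
        value = decode_fully(value)  # parse_qsl has already decoded once
        # Compare whole path segments so a name such as "my..album" is not flagged.
        segments = value.replace("\x00", "").replace("\\", "/").split("/")
        if ".." in segments:
            findings.append("parent-directory segment")
        if "\x00" in value:
            findings.append("NUL byte")
    return findings

def scan_access_log(lines):
    """Return (line_number, findings) for every log line with a suspicious value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        findings = gallery_findings(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

if __name__ == "__main__":
    for number, findings in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(findings)}")
```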