Vendor: Omilen Photo Gallery
By: ByALBAYX
CVSS: 5.5 (MEDIUM)
Type: Local File Inclusion (LFI)
CWE: 22
Product Name: Omilen Photo Gallery
Affected Version From: 0.5
Affected Version To: 0.5
Patch Exists: NO
Related CWE:
CPE: omilen_photo_gallery_beta
Metasploit:
Other Scripts:
Platforms Tested:
2009

Omilen Photo Gallery Beta 0.5 – Local File Inclusion

The Omilen Photo Gallery Beta 0.5 script is vulnerable to a Local File Inclusion (LFI) attack. An attacker can exploit this vulnerability by manipulating the 'controller' parameter in the 'index.php?option=com_omphotogallery' URL, which allows them to include arbitrary files from the server.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and implement proper input validation and output encoding. Additionally, restrict access to sensitive files and directories.
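One way to apply the input validation recommended above is to map the 'controller' value onto a fixed allowlist before any file is loaded. This is an added example, not code from the Omilen component: the function name, controller names and directory layout are assumptions.

```php
<?php
// Added example: resolve a 'controller' request value through a strict allowlist.
// Controller names and directory layout are hypothetical, not taken from the component.
const ALLOWED_CONTROLLERS = ['gallery', 'album', 'photo'];

function resolve_controller(string $baseDir, $requested, string $default = 'gallery'): string
{
    if ($requested === null) {
        $requested = $default;              // parameter absent: use the default
    }
    // Arrays (controller[]=x) and any name not on the list are refused outright;
    // the request value is never concatenated into a path before this check.
    if (!is_string($requested) || !in_array($requested, ALLOWED_CONTROLLERS, true)) {
        throw new InvalidArgumentException('unknown controller');
    }
    $base = realpath($baseDir);
    $path = $base === false ? false
          : realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    // Defence in depth: the canonical path must exist and stay inside $base
    // (catches symlinks and a misconfigured allowlist).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('controller file missing or outside base directory');
    }
    return $path;
}

// Constructed demo: a temporary controllers directory holding only gallery.php.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ctl_' . uniqid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'gallery.php', "<?php\n");

foreach ([null, 'gallery', 'photo', '../../secret', ['x']] as $input) {
    try {
        $result = basename(resolve_controller($dir, $input));
    } catch (Exception $e) {
        $result = 'rejected (' . $e->getMessage() . ')';
    }
    echo json_encode($input), ' => ', $result, "\n";
}

unlink($dir . DIRECTORY_SEPARATOR . 'gallery.php');
rmdir($dir);
```

Only the absent parameter and `gallery` resolve to a file; `photo` is on the list but has no file in the demo directory, so the canonical-path check rejects it along with the traversal string and the array.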

Exploit-DB raw data:

@~~=======================================~~@
====C4TEAM.ORG====ByALBAYX====C4TEAM.ORG=====
@~~=======================================~~@
@~~=Author   : ByALBAYX

@~~=Website  : WWW.C4TEAM.ORG
@~~===============TURKISH=================~~@


@~~=======================================~~@
@~~=Script   : Omilen Photo Gallery Beta 0.5

@~~=S.Site   : http://omilenitsolutions.com
@~~=======================================~~@

@~~=Vul      :

@~~=http://c4team.org/ [Yol] /index.php?option=com_omphotogallery&controller= [-LFI-]

@~~=Dork     : inurl:"com_omphotogallery"

@~~=http://kht.by.ru/Google.txt

@~~=Vs..
@~~=======================================~~@

@~~=:/

# milw0rm.com [2009-06-03]