• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

DPGS Form Field Input Validation Vulnerability

Duma Photo Gallery System (DPGS) does not sufficiently validate form field input. This may allow remote attackers to disclose the contents of arbitrary web-readable files via directory traversals. It has also been reported that this lack of sufficient input validation may also be exploited to overwrite any files which are writeable by the webserver process.

Exploitation of this vulnerability may be extended to affect arbitrary system files on some webservers running under Microsoft Windows, if the webserver is run with SYSTEM privileges.

It should be noted that DPGS is no longer being maintained, so a vendor-supplied fix is unlikely.