Gallery Remote Code Execution Vulnerability
Solution: This vulnerability is eliminated in version 1.3.3.

Users may patch existing installations by editing the publish_xp_docs.php file. Near the top of the file, the following line should be modified:

    <?php require($GALLERY_BASEDIR . "init.php"); ?>

The following validation code should be added above it:

    <?php
    // Hack prevention.
    if (!empty($HTTP_GET_VARS["GALLERY_BASEDIR"]) ||
        !empty($HTTP_POST_VARS["GALLERY_BASEDIR"]) ||
        !empty($HTTP_COOKIE_VARS["GALLERY_BASEDIR"])) {
        print "Security violation\n";
        exit;
    }
    ?>

SecurityFocus has not verified this patch. Administrators are advised to upgrade to the newest version.

Bharat Mediratta Gallery 1.3.2
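One way to confirm that an installation carries the manual patch described above, as an added example (not SecurityFocus's or the Gallery project's code): a heuristic Python check that the GALLERY_BASEDIR guard for all three request sources, followed by an exit, appears before the require line. The function name, status strings and sample inputs are constructed for this example.

```python
import re

# Patterns written for this example from the two snippets quoted in the advisory.
REQUIRE_RE = re.compile(
    r'require\s*\(\s*\$GALLERY_BASEDIR\s*\.\s*["\']init\.php["\']\s*\)')
SOURCES = ("HTTP_GET_VARS", "HTTP_POST_VARS", "HTTP_COOKIE_VARS")
GUARD_FMT = r'!\s*empty\s*\(\s*\$%s\s*\[\s*["\']GALLERY_BASEDIR["\']\s*\]\s*\)'


def check_patch(php_source):
    """Classify one file's text: patched, partial, unpatched or no-require."""
    m = REQUIRE_RE.search(php_source)
    if m is None:
        return "no-require"            # not the include the advisory describes
    before = php_source[:m.start()]    # the guard only helps if it runs first
    checked = [s for s in SOURCES if re.search(GUARD_FMT % s, before)]
    if len(checked) == len(SOURCES) and re.search(r'\bexit\b', before):
        return "patched"
    return "partial" if checked else "unpatched"


# Constructed sample inputs (not copies of real Gallery files).
REQUIRE_LINE = '<?php require($GALLERY_BASEDIR . "init.php"); ?>\n'
GUARD = '''<?php
// Hack prevention.
if (!empty($HTTP_GET_VARS["GALLERY_BASEDIR"]) ||
    !empty($HTTP_POST_VARS["GALLERY_BASEDIR"]) ||
    !empty($HTTP_COOKIE_VARS["GALLERY_BASEDIR"])) {
    print "Security violation\\n";
    exit;
}
?>
'''
SAMPLES = {
    "original": REQUIRE_LINE,
    "guard above": GUARD + REQUIRE_LINE,
    "guard below": REQUIRE_LINE + GUARD,
    "cookie check dropped": GUARD.replace(
        ' ||\n    !empty($HTTP_COOKIE_VARS["GALLERY_BASEDIR"])', '') + REQUIRE_LINE,
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:22} {check_patch(text)}")
```

The check is plain text matching, so a guard that has been commented out would still be reported as present; read the file when the result matters.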