e107 My_Gallery Plugin 'dload.php' Arbitrary File Download Vulnerability

The e107 My_Gallery plugin is prone to a vulnerability that lets attackers to download arbitrary files because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the webserver process. Information obtained may aid in further attacks.

This issue affects My_Gallery 2.3; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus