Bharat Mediratta Gallery Remote File Include Vulnerability

Solution:
Reportedly, exploitation of this type of vulnerability is not possible unless both 'allow_url_fopen' and 'register_globals' are enabled in the local site PHP configuration.

It is good practice to disable any unneeded options.
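One way to check a host for the precondition described above, as an added example that is not part of the original advisory: a small Python audit that reads php.ini text and reports whether both directives are enabled. The function names and sample files are constructed for illustration, and the check covers only the main php.ini, not per-directory overrides set in the web server configuration.

```python
import re

# The two directives the advisory names as preconditions for exploitation.
DIRECTIVES = ("allow_url_fopen", "register_globals")
# Values PHP treats as boolean true in php.ini (case-insensitive).
TRUE_WORDS = {"1", "on", "true", "yes"}

def parse_php_ini(text):
    """Return {directive: bool} for the audited directives set in php.ini text."""
    found = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.match(r"^([A-Za-z_.]+)\s*=\s*(.*)$", line)
        if not m or m.group(1).lower() not in DIRECTIVES:
            continue
        value = m.group(2).strip().strip("\"'").lower()
        found[m.group(1).lower()] = value in TRUE_WORDS  # a later line overrides
    return found

def audit(text):
    """Classify php.ini text as 'exposed', 'not exposed' or 'unknown'."""
    settings = parse_php_ini(text)
    states = [settings.get(name) for name in DIRECTIVES]
    if any(state is False for state in states):
        return "not exposed"  # at least one precondition is explicitly off
    if all(state is True for state in states):
        return "exposed"      # both preconditions are explicitly on
    return "unknown"          # a directive is unset; its default depends on the PHP version

# Constructed sample configurations (not taken from any real host).
WEAK_INI = """
[PHP]
allow_url_fopen = On
register_globals = On
"""
HARDENED_INI = """
[PHP]
allow_url_fopen = Off
register_globals = Off
"""
PARTIAL_INI = "allow_url_fopen = On ; register_globals is not set here\n"

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI),
                      ("partial", PARTIAL_INI)):
        print(name, "->", audit(ini), parse_php_ini(ini))
```

An "unknown" result means the effective value has to be confirmed on the host itself, since the built-in default for an unset directive differs between PHP releases.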

The vendor is aware of this vulnerability. Gallery version 1.3.1 will be available for download on August 2, 2002. Fixes have been made available in the Gallery CVS tree. It is recommended that users download the newest version (1.3.1-cvs-b13 or better) when upgrading from the CVS snapshots.

FreeBSD has released upgrades. Users are advised to upgrade their Ports collection and reinstall the affected port.

The following fixes are available:


Bharat Mediratta Gallery 1.1

Bharat Mediratta Gallery 1.2

Bharat Mediratta Gallery 1.2.1

Bharat Mediratta Gallery 1.2.1 p1

Bharat Mediratta Gallery 1.2.2

Bharat Mediratta Gallery 1.2.3

Bharat Mediratta Gallery 1.2.4

Bharat Mediratta Gallery 1.2.5

Bharat Mediratta Gallery 1.3


 

Copyright 2010, SecurityFocus