• info
• discussion
• exploit
• solution
• references

Gallery Remote Global Variable Injection Vulnerability

Solution:
The vendor has released Gallery 1.4.1-pl1 to address this issue. Users are advised to upgrade to the fixed version.

Gentoo has released advisory GLSA 200402-04 dealing with this issue. Please see the reference section for details.

The vendor has released Gallery 1.4.2 to address this and other issues. It is advised that if possible, users should upgrade to this version.


Bharat Mediratta Gallery 1.3.1

• Bharat Mediratta Gallery 1.41-pl1
  http://sourceforge.net/project/showfiles.php?group_id=7130&package_id= 7239&release_id=212324

Bharat Mediratta Gallery 1.3.2

• Bharat Mediratta Gallery 1.41-pl1
  http://sourceforge.net/project/showfiles.php?group_id=7130&package_id= 7239&release_id=212324

Bharat Mediratta Gallery 1.3.3

• Bharat Mediratta Gallery 1.41-pl1
  http://sourceforge.net/project/showfiles.php?group_id=7130&package_id= 7239&release_id=212324

Bharat Mediratta Gallery 1.4

• Bharat Mediratta Gallery 1.41-pl1
  http://sourceforge.net/project/showfiles.php?group_id=7130&package_id= 7239&release_id=212324

Bharat Mediratta Gallery 1.4.1

• Bharat Mediratta Gallery 1.41-pl1
  http://sourceforge.net/project/showfiles.php?group_id=7130&package_id= 7239&release_id=212324