Application: Coppermine Photo Gallery
Affected Version: version 1.4.22 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection and System access
Risk Level: Critical
Solution:
Set “magic_quotes_gpc” to “On” and “register_globals” to “Off”.
Access Bypass, Image Galleries, SQL Injection
Application: Coppermine
Affected Version: versions 1.4.20 and 1.4.21, and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.4.21, which protects from exploitation via bbcode tags. Do not visit untrusted web sites while logged on to the application.
Cross Site Scripting, Image Galleries
Application: Coppermine
Affected Version: version 1.4.19 and other versions.
Vendor’s URL: Photo Gallery
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.4.20.
Access Bypass, Image Galleries
Application: Gallery
Affected Version: Gallery 1.x versions 1.5.8-svn-b34 and later
Vendor’s URL: Gallery
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.5.10.
Access Bypass, Image Galleries
Application: Coppermine
Affected Version: version 1.4.18 and other versions.
Vendor’s URL: Photo Gallery
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 1.4.19.
File Inclusion, Image Galleries
Application: Gallery
Affected Version: prior to 1.5.8
Vendor’s URL: Gallery
Bug Type: Security Bypass, Cross Site Scripting
Risk Level:
Solution:
Update to version 1.5.8.
Access Bypass, Cross Site Scripting, Image Galleries
Application: Zoph
Affected Version: prior to 0.7.0.5.
Vendor’s URL: Zoph
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 0.7.0.5.
Image Galleries, SQL Injection
Application: Gallery
Affected Version: all 2.x versions before 2.2.5
Vendor’s URL: http://gallery.menalto.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Medium
Solution:
Update to version 2.2.5. Remove password protection from any non-album items.
Access Bypass, Cross Site Scripting, Image Galleries
Application: PHP Image Gallery
Affected Version:
Vendor’s URL: PHP Image Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Cross Site Scripting, Image Galleries
Application: Galleristic
Affected Version: version 1.0 and other versions.
Vendor’s URL: Galleristic
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Image Galleries, SQL Injection
Application: Simple Gallery
Affected Version: 2.2 and other versions.
Vendor’s URL: Simple Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Cross Site Scripting, Image Galleries
Application: PHP Photo Gallery
Affected Version:
Vendor’s URL: PHP Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Image Galleries, SQL Injection
Application: Gallery Script Lite
Affected Version:
Vendor’s URL: Gallery Script Lite
Bug Type: Information Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Image Galleries, Information Disclosure
Application: KwsPHP ConcoursPhoto Module
Affected Version: 2.0 and prior versions.
Vendor’s URL: KwsPHP ConcoursPhoto Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.1.
Image Galleries, SQL Injection
Application: Coppermine Photo Gallery
Affected Version: 1.4.16 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.4.17.
Image Galleries, SQL Injection
Application: Coppermine Photo Gallery
Affected Version: 1.4.17 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.4.18.
Image Galleries, SQL Injection
Application: e107 my_gallery Plugin
Affected Version: 2.3 and other versions.
Vendor’s URL: e107 my_gallery
Bug Type: Information Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Image Galleries, Information Disclosure
Application: Gallarific
Affected Version: Gallarific Free Edition 1.1 and other versions.
Vendor’s URL: http://www.gallarific.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical
Solution:
Use another product, or disable it until the patch is released.
Access Bypass, Cross Site Scripting, Image Galleries
Application: freePHPgallery
Affected Version: 0.6 and other versions.
Vendor’s URL: http://freephpgallery.mbod.net/
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 0.6.1.
File Inclusion, Image Galleries
Application: Coppermine Photo Gallery
Affected Version: 1.4.14 and other versions.
Vendor’s URL: http://coppermine-gallery.net/
Bug Type: Cross Site Scripting and System Access
Risk Level: Critical
Solution:
Update to version 1.4.15.
Cross Site Scripting, Image Galleries, Remote Command Execution