Archive for the 'Image Galleries' Category

Simple Gallery XSS

Application: Simple Gallery
Affected Version: 2.2 and other versions.
Vendor’s URL: Simple Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

PHP Photo Gallery SQL Injection

Application: PHP Photo Gallery
Affected Version:
Vendor’s URL: PHP Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Gallery Script Lite Information Disclosure

Application: Gallery Script Lite
Affected Version:
Vendor’s URL: Gallery Script Lite
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

KwsPHP ConcoursPhoto Module SQL Injection

Application: KwsPHP ConcoursPhoto Module
Affected Version: 2.0 and prior versions.
Vendor’s URL: KwsPHP ConcoursPhoto Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.1.

Coppermine Photo Gallery SQL Injection

Application: Coppermine Photo Gallery
Affected Version: 1.4.16 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.17.

Coppermine Photo Gallery SQL Injection

Application: Coppermine Photo Gallery
Affected Version: 1.4.17 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.18.

e107 my_gallery Plugin Information Disclosure

Application: e107 my_gallery Plugin
Affected Version: 2.3 and other versions.
Vendor’s URL: e107 my_gallery
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Gallarific Multiple Vulnerabilities

Application: Gallarific
Affected Version: Gallarific Free Edition 1.1 and other versions.
Vendor’s URL: http://www.gallarific.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical

Solution:
Use another product, or disable it until the patch is released.

freePHPgallery “lang” Local File Inclusion

Application: freePHPgallery
Affected Version: 0.6 and other versions.
Vendor’s URL: http://freephpgallery.mbod.net/
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 0.6.1.

Coppermine Photo Gallery Multiple Vulnerabilities

Application: Coppermine Photo Gallery
Affected Version: 1.4.14 and other versions.
Vendor’s URL: http://coppermine-gallery.net/
Bug Type: Cross Site Scripting and System Access
Risk Level: Critical

Solution:
Update to version 1.4.15.

singapore “gallery” XSS

Application: singapore
Affected Version: 0.10.1 and other versions.
Vendor’s URL: http://www.sgal.org/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

ASP Photo Gallery Multiple SQL Injection Vulnerabilities

Application: ASP Photo Gallery
Affected Version: 1.0.
Vendor’s URL: http://www.matteobinda.com/apg.php
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

minimal Gallery Information Disclosure Vulnerabilities

Application: minimal Gallery
Affected Version: 0.8.
Vendor’s URL: http://minimalgallery.net/home
Bug Type: Exposure of sensitive information
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized. Restrict access to php_info.php (e.g. with “.htaccess”).

vBGallery PHP Script Upload Vulnerability

Application: vBGallery
Affected Version: prior to version 2.4.2.
Vendor’s URL: http://www.photopost.com/
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.4.2.

Coppermine Photo Gallery YABBSE.INC.PHP Remote File Include Vulnerability

Application: Coppermine Photo Gallery
Affected Version: 1.4, 1.3.4, 1.3.3, 1.3.2 and 1.3.1.

Vendor’s URL: CopperMine HomePage
Bug Type: Input Validation
Risk Level: Medium

Solution:
The fix will be included in the newer version, Coppermine Photo Gallery 1.4.2.