Application: zenphoto
Affected Version: version 1.4.1.4 and prior versions.
Vendor’s URL: Ajax File Manager
Bug Type: Code Injection
Risk Level: Critical

Solution:
Update to version 1.4.1.5 or later.

Image Galleries, Remote Command Execution

Application: Ayco Resim Galeri
Affected Version:
Vendor’s URL: Ayco Resim Galeri
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Image Galleries, SQL Injection

Application: PHP Album
Affected Version: version 0.4.1.14.fix06 and other versions.
Vendor’s URL: PHP Album
Bug Type: Cross Site Scripting and system access
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Access Bypass, Cross Site Scripting, Image Galleries

Application: TFT Gallery
Affected Version: version 0.13.1
Vendor’s URL: TFT Gallery
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Image Galleries

Application: GaleriaSHQIP
Affected Version: version 1.0 and other versions.
Vendor’s URL: GaleriaSHQIP
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Image Galleries, SQL Injection

Application: Coppermine Photo Gallery
Affected Version: version 1.4.22 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection and System access
Risk Level: Critical

Solution:
Set “magic_quotes_gpc” to “On” and “register_globals” to “Off”.

Access Bypass, Image Galleries, SQL Injection

Application: Coppermine
Affected Version: version 1.4.20 and 1.4.21 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.4.21, which protects from exploitation via bbcode tags. Do not visit untrusted web sites while logged on to the application.

Cross Site Scripting, Image Galleries

Application: Coppermine
Affected Version: version 1.4.19 and other versions.
Vendor’s URL: Photo Gallery
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.4.20.

Access Bypass, Image Galleries

Application: Gallery
Affected Version: Gallery 1.x versions 1.5.8-svn-b34 and later
Vendor’s URL: Gallery
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.5.10.

Access Bypass, Image Galleries

Application: Coppermine
Affected Version: version 1.4.18 and other versions.
Vendor’s URL: Photo Gallery
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.4.19.

File Inclusion, Image Galleries

Application: Gallery
Affected Version: prior to 1.5.8
Vendor’s URL: Gallery
Bug Type:
Risk Level: Security Bypass, Cross Site Scripting

Solution:
Update to version 1.5.8.

Access Bypass, Cross Site Scripting, Image Galleries

Application: Zoph
Affected Version: prior to 0.7.0.5.
Vendor’s URL: Zoph
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.7.0.5.

Image Galleries, SQL Injection

Application: Gallery
Affected Version: all 2.x versions before 2.2.5
Vendor’s URL: http://gallery.menalto.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Medium

Solution:
Update to version 2.2.5. Remove password protection from any non-album items.

Access Bypass, Cross Site Scripting, Image Galleries

Application: PHP Image Gallery
Affected Version:
Vendor’s URL: PHP Image Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Cross Site Scripting, Image Galleries

Application: Galleristic
Affected Version: version 1.0 and other versions.
Vendor’s URL: Galleristic
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, SQL Injection

Application: Simple Gallery
Affected Version: 2.2 and other versions.
Vendor’s URL: Simple Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Cross Site Scripting, Image Galleries

Application: PHP Photo Gallery
Affected Version:
Vendor’s URL: PHP Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, SQL Injection

Application: Gallery Script Lite
Affected Version:
Vendor’s URL: Gallery Script Lite
Bug Type: Information Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, Information Disclosure

Application: KwsPHP ConcoursPhoto Module
Affected Version: 2.0 and prior version.
Vendor’s URL: KwsPHP ConcoursPhoto Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.1.

Image Galleries, SQL Injection

Application: Coppermine Photo Gallery
Affected Version: 1.4.16 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.17.

Image Galleries, SQL Injection