FreeBSD : gallery2 -- file disclosure vulnerability (47bdabcf-3cf9-11da-baa2-0004614cc33d)
Medium Nessus Plugin ID 21424
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionMichael Dipper wrote :
A vulnerability has been discovered in gallery, which allows remote users unauthorized access to files on the webserver.
A remote user accessing gallery over the web may use specially crafted HTTP parameters to access arbitrary files located on the webserver.
All files readable by the webserver process are subject to disclosure.
The vulnerability is *not* restricted to the webserver's document root but extends to the whole server file space.
The vulnerability may be used by any anonymous user, there is no login to the application required.
SolutionUpdate the affected package.