Gallery < 3.0.5 Multiple Vulnerabilities
Medium Nessus Plugin ID 65767
Synopsis
The remote web server contains a PHP application that is affected by multiple vulnerabilities.
Description
According to its version number, the Gallery install hosted on the remote web server is affected by multiple vulnerabilities:
- The application is affected by a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input to the 'Module Name' field in the advanced settings. Administrator credentials are required in order to exploit this issue.
- An attacker can delete arbitrary files on the remote host under certain conditions when the 'Watermark' module is activated. After a watermark image file has been uploaded, the name of the image can be altered in the advanced settings section. This altered name is used when deleting the file and can allow an arbitrary file to be deleted. Successful exploitation does require administrator credentials.
- The application is affected by a remote code execution vulnerability when the application has not been fully installed. During the application setup, a user enters database information in which the 'host', 'username', and 'password' fields are not properly sanitized. An unauthenticated, remote attacker can take advantage of this vulnerability by using specially crafted input in the affected fields in order to execute arbitrary code on the remote host.
- The application is reportedly affected by an additional cross-site scripting issue related to the version of Flowplayer in use by Gallery.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
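
The arbitrary file deletion issue described above comes from using an editable, stored file name at delete time. The following PHP function is an added example, not Gallery's code and not part of the Nessus plugin; it confines deletion to the watermark directory. The function name, the directory layout and the file-name allowlist are assumptions.

```php
<?php
// Added example: hypothetical helper, not taken from Gallery.
// Unsafe pattern it replaces: unlink($watermarkDir . '/' . $storedName)
// where $storedName is a setting an administrator can edit after upload.

/**
 * Delete a watermark image named by a stored setting, refusing any name
 * that does not resolve to a regular file directly inside $watermarkDir.
 */
function delete_watermark_file(string $watermarkDir, string $storedName): bool
{
    // Assumed allowlist: a bare file name starting with a letter or digit.
    // This rejects path separators, NUL bytes, "." and "..".
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $storedName)) {
        return false;
    }

    $base = realpath($watermarkDir);
    if ($base === false) {
        return false;
    }

    // realpath() resolves symlinks, so a link that points outside the
    // watermark directory fails the dirname() comparison below.
    $target = realpath($base . DIRECTORY_SEPARATOR . $storedName);
    if ($target === false || dirname($target) !== $base || !is_file($target)) {
        return false;
    }

    return unlink($target);
}

// Constructed demo data: a temporary tree with one watermark and one
// unrelated file next to the watermark directory.
$root = sys_get_temp_dir() . '/wm_demo_' . bin2hex(random_bytes(4));
mkdir("$root/watermarks", 0700, true);
file_put_contents("$root/watermarks/logo.png", 'x');
file_put_contents("$root/config.php", 'x');

// Name altered in settings to point outside the watermark directory.
var_dump(delete_watermark_file("$root/watermarks", '../config.php'));
// Unmodified name of the uploaded watermark.
var_dump(delete_watermark_file("$root/watermarks", 'logo.png'));
// Whether the unrelated file survived both calls.
var_dump(file_exists("$root/config.php"));

unlink("$root/config.php");
rmdir("$root/watermarks");
rmdir($root);
```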
Solution
Upgrade to Gallery 3.0.5 or later.