Gallery < 1.5.8 modules.php phpEx Parameter Traversal Local File Inclusion

medium Nessus Network Monitor Plugin ID 4619

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

The remote host is running Gallery, a web-based photo album application written in PHP. The version of Gallery installed on the remote host is less than 1.5.8. This version of Gallery is vulnerable to a local file inclusion vulnerability. The root of the flaw is in the 'phpEx' parameter of the '/contrib/phpBB2/modules.php' script. An attacker exploiting this flaw would send a specially formatted request to the modules.php application. The request would likely include a directory traversal to some local file on the server. e.g. '../../../etc/passwd'. Successful exploitation would result in the attacker gaining 'read' access to confidential files.

Solution

Upgrade to version 1.5.8 or higher.

See Also

http://gallery.sourceforge.net

Plugin Details

Severity: Medium

ID: 4619

Family: CGI

Published: 8/11/2008

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Reference Information

BID: 30608