Title: DM Albums Multiple File Deletion Vulnerabilities
Severity: HIGH
Description:
DM Albums is a PHP-based image-gallery plugin for WordPress. DM Albums can also be run as an independent web application.
DM Albums is prone to multiple vulnerabilities that can allow attackers to delete arbitrary files. The issues occur because the software fails to properly sanitize user-supplied input.
The following issues were reported:
1. The 'delete_album' parameter of the 'dm-albums/wp-dm-albums-ajax.php' script is affected by a directory-traversal vulnerability. This issue can allow attackers to delete arbitrary folders in the context of the affected application.
2. The 'dm-albums/wp-dm-albums-ajax.php' is not restricted to administrative users. Arbitrary users may delete folders in the context of the affected application.
The first issue has been addressed in DM Albums 2.1; the second issue affects version 2.1 and earlier.
Affected Products:
- DutchMonkey DM Albums 2.0
- DutchMonkey DM Albums 2.1
References:
- DutchMonkey: DM Albums Homepage
- DutchMonkey: Latest News & Announcements
- nDarkness: WordPress – DM Albums Version 2.0 Critical Vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
