Title: Gallery Remote Code Execution Vulnerability
Severity: HIGH
Description:
Gallery is an open source web based photo album. It is written in PHP and is available for Linux and Unix variant as well as Microsoft Windows operating systems.
A new feature supporting the Windows XP publishing subsystem in Gallery 1.3.2 has introduced a security vulnerability nearly identical to that described in BID 5375.
The PHP script 'publish_xp_docs.php' attempts to include a file, 'init.php', from a path constructed using an uninitiated PHP variable. Malicious remote clients may pass a value for that variable, specifying a remote server as the location of the include file. By doing so, attackers may force a remote server to execute arbitrary PHP code with the privileges of the webserver.
Affected Products:
- Bharat Mediratta Gallery 1.3.2
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
