Pixaria Gallery Class.Smarty.PHP Remote File Include Vulnerability
BID:23489
Info
Pixaria Gallery Class.Smarty.PHP Remote File Include Vulnerability
| Bugtraq ID: | 23489 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2007 12:00AM |
| Updated: | Apr 16 2007 03:11PM |
| Credit: | irvian is credited with the discovery of this vulnerability. |
| Vulnerable: |
Pixaria Pixaria Gallery 1.4.2 Pixaria Pixaria Gallery 1.4.1 Pixaria Pixaria Gallery 1.4 Pixaria Pixaria Gallery 1.3.3 Pixaria Pixaria Gallery 1.3.2 Pixaria Pixaria Gallery 1.3.1 Pixaria Pixaria Gallery 1.3 Pixaria Pixaria Gallery 1.2.1 Pixaria Pixaria Gallery 1.2 Pixaria Pixaria Gallery 1.1.6 Pixaria Pixaria Gallery 1.1.5 Pixaria Pixaria Gallery 1.1.4 Pixaria Pixaria Gallery 1.1.3 Pixaria Pixaria Gallery 1.1.2 Pixaria Pixaria Gallery 1.1.1 Pixaria Pixaria Gallery 1.1 Pixaria Pixaria Gallery 1.0.5 Pixaria Pixaria Gallery 1.0.4 Pixaria Pixaria Gallery 1.0.3 Pixaria Pixaria Gallery 1.0.2 Pixaria Pixaria Gallery 1.0.1 |
| Not Vulnerable: |
Pixaria Pixaria Gallery 1.4.3 |
Discussion
Pixaria Gallery Class.Smarty.PHP Remote File Include Vulnerability
Pixaria gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects the 1.x versions; other versions may also be vulnerable.
Pixaria gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects the 1.x versions; other versions may also be vulnerable.
Exploit / POC
Pixaria Gallery Class.Smarty.PHP Remote File Include Vulnerability
Attackers can use a browser to exploit these issues.
The following proof-of-concept URI is available:
http://www.example.com/resources/includes/class.Smarty.php?cfg[sys][base_path]=[evilcode]
Attackers can use a browser to exploit these issues.
The following proof-of-concept URI is available:
http://www.example.com/resources/includes/class.Smarty.php?cfg[sys][base_path]=[evilcode]
Solution / Fix
Pixaria Gallery Class.Smarty.PHP Remote File Include Vulnerability
Solution:
The vendor has released a patch and update to address this issue.
Pixaria Pixaria Gallery 1.4
Pixaria Pixaria Gallery 1.4.1
Pixaria Pixaria Gallery 1.4.2
Solution:
The vendor has released a patch and update to address this issue.
Pixaria Pixaria Gallery 1.4
-
Pixaria class.Smarty.php.zip
http://www.pixaria.com/resources/data/class.Smarty.php.zip
Pixaria Pixaria Gallery 1.4.1
-
Pixaria class.Smarty.php.zip
http://www.pixaria.com/resources/data/class.Smarty.php.zip
Pixaria Pixaria Gallery 1.4.2
-
Pixaria class.Smarty.php.zip
http://www.pixaria.com/resources/data/class.Smarty.php.zip
References
Pixaria Gallery Class.Smarty.PHP Remote File Include Vulnerability
References:
References:
- Pixaria 1.4.3 fixes security vulnerability (Pixaria)
- Pixaria Gallery Homepage (Pixaria)
- Pixaria Security Vulnerability Sunday, April 15, 2007 (Pixaria)