Gallery Multiple Unauthorized Access Vulnerability

Bugtraq ID:	25580
Class:	Input Validation Error
CVE:	CVE-2007-4650
Remote:	Yes
Local:	No
Published:	Sep 06 2007 12:00AM
Updated:	Mar 13 2008 03:51AM
Credit:	Merrick Manalastas and Nicklous Roberts are credited with the discovery of these vulnerabilities.
Vulnerable:	Redhat Fedora Core7 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Bharat Mediratta Gallery 2.2.2 Bharat Mediratta Gallery 2.2.1 Bharat Mediratta Gallery 2.1.2 Bharat Mediratta Gallery 2.2
Not Vulnerable:	Bharat Mediratta Gallery 2.2.3

Gallery Multiple Unauthorized Access Vulnerability

Gallery is prone to multiple unauthorized-access vulnerabilities in the WebDAC and Reupload modules.

An attacker can exploit these issues to rename items, modify items, retrieve item properties, locate items, replace items, and edit item data.

These issues affect versions prior to Gallery 2.2.3.

Gallery Multiple Unauthorized Access Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Gallery Multiple Unauthorized Access Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.

Gallery Multiple Unauthorized Access Vulnerability

References:

• Gallery 2.2.3 Security Fix Release (Bharat Mediratta)
  
• Gallery Homepage (Bharat Mediratta)