BID:30249

PhotoPost vBGallery 'upload.php' Arbitrary File Upload Vulnerability

Info

PhotoPost vBGallery 'upload.php' Arbitrary File Upload Vulnerability

Bugtraq ID:	30249
Class:	Input Validation Error
CVE:	CVE-2008-7088
Remote:	Yes
Local:	No
Published:	Jul 16 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	Cold z3ro
Vulnerable:	All Enthusiast Inc PhotoPost vBGallery 2.4.2

Not Vulnerable:

Discussion

PhotoPost vBGallery 'upload.php' Arbitrary File Upload Vulnerability

PhotoPost vBGallery is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to sanitize user-supplied input.

An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.

PhotoPost vBGallery v2.4.2 is vulnerable; other versions may also be affected.

Exploit / POC

PhotoPost vBGallery 'upload.php' Arbitrary File Upload Vulnerability

Attackers may exploit this issue via a browser.

Solution / Fix

PhotoPost vBGallery 'upload.php' Arbitrary File Upload Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

PhotoPost vBGallery 'upload.php' Arbitrary File Upload Vulnerability

References:

PhotoPost vBGallery Homepage (All Enthusiast Inc.)