Gallery Multiple Security Vulnerabilities
BID:58172
Info
| Bugtraq ID: | 58172 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 26 2013 12:00AM |
| Updated: | Feb 26 2013 12:00AM |
| Credit: | Michael T. Boos, AMol NAik, Sergey Markov and James 'albino' Kettle |
| Vulnerable: | Bharat Mediratta Gallery 2.2.6, Bharat Mediratta Gallery 2.2.5, Bharat Mediratta Gallery 2.2.4, Bharat Mediratta Gallery 2.2.3 |
| Not Vulnerable: | |
Discussion
Gallery is prone to the following security vulnerabilities:
1. An information-disclosure vulnerability
2. A cross-site scripting vulnerability
3. A cross-site request-forgery vulnerability
4. A security-bypass vulnerability
An attacker may leverage these issues to obtain sensitive information, bypass security restrictions, perform certain administrative actions, gain unauthorized access, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References