Vulnerability Details
Gallery Remote Global Variable Injection Vulnerability
Vulnerability Description
The register_globals emulation in Gallery versions 1.3.1 through 1.4.1 is vulnerable: a remote attacker can use the GALLERY_BASEDIR parameter to modify the HTTP_POST_VARS variable and carry out a PHP remote file inclusion attack. This vulnerability is different from CVE-2002-1412.
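To make the bug class concrete, the following is an added illustration (not Gallery's own code) of how a register_globals emulation that copies request variables into the global scope lets a request supply GALLERY_BASEDIR (or overwrite HTTP_POST_VARS), and how a hardened version fixes the base directory before reading any input and validates include paths. The function names and layout are assumptions for this example.

```php
<?php
// Illustrative reconstruction of the vulnerability class, NOT Gallery's code.

// --- Vulnerable pattern -------------------------------------------------
// Emulates register_globals by importing every request variable into the
// global scope. A request parameter named GALLERY_BASEDIR or HTTP_POST_VARS
// simply overwrites the application's own variable of that name.
function emulate_register_globals_unsafe(): void
{
    foreach ([$_GET, $_POST, $_COOKIE] as $source) {
        foreach ($source as $name => $value) {
            $GLOBALS[$name] = $value;
        }
    }
}

// If the application then builds an include path from $GALLERY_BASEDIR,
// the path (local or remote URL) is fully attacker-controlled:
//   emulate_register_globals_unsafe();
//   require $GALLERY_BASEDIR . 'init.php';

// --- Hardened pattern ---------------------------------------------------
// 1. Fix the base directory as a constant before any request data is read;
//    a constant cannot be overwritten by imported variables.
define('GALLERY_BASEDIR', __DIR__ . DIRECTORY_SEPARATOR);

// 2. Do not import request variables into the global scope at all; read the
//    specific inputs that are needed from $_GET / $_POST by name.

// 3. Build include paths only from the constant and refuse anything that
//    does not resolve to an existing file inside it (this rejects remote
//    URLs, which realpath() cannot resolve, and directory traversal).
function safe_include(string $relative): void
{
    $base = realpath(GALLERY_BASEDIR) . DIRECTORY_SEPARATOR;
    $path = realpath(GALLERY_BASEDIR . $relative);
    if ($path === false || strpos($path, $base) !== 0 || !is_file($path)) {
        throw new RuntimeException('Refusing to include: ' . $relative);
    }
    require $path;
}

// Example: safe_include('init.php'); // only ever loads <basedir>/init.php
```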
Vulnerability Advisory
The vendor has released Gallery 1.4.1-pl1 to address this issue. Users are advised to upgrade to the fixed version. Gentoo has released advisory GLSA 200402-04 dealing with this issue. Please see the reference section for details. The vendor has released Gallery 1.4.2 to address this and other issues. It is advised that if possible, users should upgrade to this version.
Bharat Mediratta Gallery 1.3.1
- Bharat Mediratta Gallery 1.4.1-pl1 http://sourceforge.net/project/showfiles.php?group_id=7130&package_id=7239&release_id=212324
References
- Source: BUGTRAQ; Name: 20040127 Remote exploit in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1; Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107524414317693&w=2
- Source: gallery.menalto.com; Link: http://gallery.menalto.com/modules.php?op=modload&name=News&file=index
- Source: XF; Name: gallery-gallerybasedir-file-include(14950); Link: http://xforce.iss.net/xforce/xfdb/14950
- Source: BID; Name: 9490; Link: http://www.securityfocus.com/bid/9490
- Source: GENTOO; Name: GLSA-200402-04; Link: http://www.gentoo.org/security/en/glsa/glsa-200402-04.xml
- Source: SECUNIA; Name: 10712; Link: http://secunia.com/advisories/10712/
- Source: OSVDB; Name: 3737; Link: http://www.osvdb.org/3737
Affected Entities
- Gallery_project Gallery:1.4.1
- Gallery_project Gallery:1.4
- Gallery_project Gallery:1.3.3
- Gallery_project Gallery:1.3.2
- Gallery_project Gallery:1.3.1
Patch
None available