Gallery Zipcart Module Arbitrary File Disclosure

medium Nessus Plugin ID 21018

Synopsis

The remote web server contains a PHP application that has an information disclosure issue.

Description

The installation of Gallery hosted on the remote web server allows an unauthenticated, remote attacker to use the ZipCart module to retrieve arbitrary files, subject to the privileges of the web server user id.

Note that successful exploitation requires that the ZipCart module is installed and activated on the Gallery install.

Note that the application is also reportedly affected by a cross-site scripting vulnerability in the 'Add Image From Web' feature as well as an information disclosure with the install log; however, Nessus has not tested for these additional issues.

Solution

Deactivate the ZipCart module or upgrade to Gallery version 2.0.2 or later.

See Also

https://www.securityfocus.com/archive/1/archive/1/418200/100/0/threaded

http://galleryproject.org/gallery_2.0.2_released

https://seclists.org/bugtraq/2005/Nov/366

Plugin Details

Severity: Medium

ID: 21018

File Name: gallery_zipcart_dir_traversal.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 3/6/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:gallery_project:gallery

Required KB Items: www/gallery, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 11/29/2005

Vulnerability Publication Date: 11/29/2005

Reference Information

CVE: CVE-2005-4023

BID: 15614