Gallery Install Log Local Information Disclosure

medium Nessus Plugin ID 21019

Synopsis

The remote web server contains a PHP application that is prone to an information disclosure issue.

Description

The installation of Gallery hosted on the remote web server places its data directory under the web server's document root and makes its install log available to anyone. Using a simple GET request, a remote attacker can retrieve this log and discover sensitive information about the affected application and host, including installation paths, the admin password hash, etc.

The install is reportedly also affected by a cross-site scripting vulnerability in the 'Add Image From Web' feature as well as an information disclosure issue with the ZipCart module, although Nessus has not tested for these additional issues.

Solution

Move the gallery data directory outside the web server's document root, remove the file 'install.log' in that directory, or upgrade to version 2.0.2 or later.
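A local check for the two conditions named in the Solution above, added here as an example and not part of the Nessus plugin or the Gallery project. The function name and both path arguments are assumptions supplied by the operator, and a symlink inside the document root is treated as something the web server would follow.

```python
import os
import sys

def _within(path, root):
    # Both arguments must already be resolved absolute paths.
    return os.path.commonpath([path, root]) == root

def audit_gallery_data_dir(docroot, data_dir):
    """Return findings for a Gallery data directory (paths are operator-supplied)."""
    findings = []
    real_root = os.path.realpath(docroot)
    real_data = os.path.realpath(data_dir)
    log_path = os.path.join(real_data, "install.log")

    exposed = _within(real_data, real_root)
    if exposed:
        findings.append("data directory is under the document root")
    else:
        # A symlink inside the document root can still publish an outside directory.
        for current, dirs, _files in os.walk(real_root):
            for name in dirs:
                link = os.path.join(current, name)
                if os.path.islink(link) and _within(real_data, os.path.realpath(link)):
                    findings.append("data directory is reachable via symlink " + link)
                    exposed = True
    if os.path.isfile(log_path):
        suffix = " (web-reachable)" if exposed else ""
        findings.append("install.log present: " + log_path + suffix)
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py DOCROOT GALLERY_DATA_DIR")
    results = audit_gallery_data_dir(sys.argv[1], sys.argv[2])
    for line in results:
        print(line)
    sys.exit(1 if results else 0)
```

An empty result means the data directory resolves outside the document root, is not linked into it, and holds no install.log.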

See Also

https://seclists.org/bugtraq/2005/Nov/366

https://www.securityfocus.com/archive/1/418200

http://galleryproject.org/gallery_2.0.2_released

Plugin Details

Severity: Medium

ID: 21019

File Name: gallery_install_log.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 3/6/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:gallery_project:gallery

Required KB Items: www/PHP, www/gallery

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 11/29/2005

Vulnerability Publication Date: 11/29/2005

Reference Information

CVE: CVE-2005-4021

BID: 15614