Detections
Analytics
myGallery mygallerybrowser.php 'myPath' Parameter Remote File Inclusion
high Nessus Plugin ID 25116
Language:
Synopsis
The remote web server contains a PHP script that is affected by a remote file include vulnerability.Description
The third-party myGallery module for WordPress installed on the remote host fails to sanitize input to the 'myPath' parameter of the '/mygallery/myfunctions/mygallerybrowser.php' script before using it to include PHP code. An unauthenticated attacker can exploit this issue to view arbitrary files on the remote host or possibly to execute arbitrary PHP code, perhaps from third-party hosts.Note that exploitation of this issue does not require that PHP's 'register_globals' setting be enabled.
Solution
Upgrade to myGallery version 1.4b5 or later.See Also
https://www.wildbits.de/2007/04/29/sicherheitsluecke-in-mygallery/
Plugin Details
Severity: High
ID: 25116
File Name: mygallery_mypath_file_include.nasl
Version: 1.21
Type: remote
Family: CGI abuses
Published: 4/30/2007
Updated: 6/4/2024
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: High
Score: 7.0
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:wordpress:wordpress
Required KB Items: installed_sw/WordPress, www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 4/29/2007
Exploitable With
CANVAS (CANVAS)
Reference Information
CVE: CVE-2007-2426
BID: 23702