News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Secunia.com:
WordPress myGallery Plugin "myPath" File Inclusion
April 30, 2007 @ 14:51:00

Secunia has new advisory posted today about a WordPress vulnerability that's been found surrounding the use of the myGallery plugin:

GolD_M has discovered a vulnerability in the myGallery plugin for WordPress, which can be exploited by malicious people to disclose sensitive information and to compromise a vulnerable system.

Input passed to the "myPath" parameter in myfunctions/mygallerybrowser.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

This issue is confirmed on WordPress 1.2.1 but other versions might be affected. It's recommended that users upgrade to the latest version of the blogging software to prevent issues. As of the writing of this release, though, the only upgrade is to the beta version 1.4.b5.

0 comments voice your opinion now!
wordpress vulnerability mypath fileinclusion mygallery wordpress vulnerability mypath fileinclusion mygallery


blog comments powered by Disqus

Similar Posts

Ryan Malesevich's Blog: WP Plugins: WP-Wap, Make a WAP Version of Your Blog

Secunia.com: WordPress myGallery Plugin "myPath" File Inclusion

Secunis.com: Travelsized CMS index.php Cross-Site Scripting Vulnerabilities

Leonid Mamchenkov's Blog: Where did all the PHP programmers go?

Secunia.com: Joomla! Multiple Vulnerabilities


Community Events





Don't see your event here?
Let us know!


introduction unittest release language interview community refactor api opinion install testing laravel list code developer podcast symfony2 framework series threedevsandamaybe

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework