Security Vulnerability in Media Gallery v1.4x
- Tuesday, May 15 2007 @ 09:53 am EDT
- Contributed by: mevans
A security vulnerability has been identified in Media Gallery affecting all of the v1.4 releases. This vulnerability could allow specially crafted URLs to load files onto your web server and potentially overwrite existing files. Media Gallery v1.4.8b has been released to address this vulnerability, and you should upgrade to it immediately! My thanks to Max for reporting this issue this morning and providing the relevant site logs to validate the vulnerability.
If you do not want to upgrade to the latest version of Media Gallery, you should apply the following patch:
Edit mediagallery/maint/ftpmedia.php
Near the top, immediately before the following line:
    require_once($_MG_CONF['path_html'] . 'lib-batch.php');
Add the following code:
    // this file can't be used on its own
    if (strpos ($_SERVER['PHP_SELF'], 'ftpmedia.php') !== false) {
        die ('This file can not be used on its own.');
    }
Save ftpmedia.php. This should resolve the issue.
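To confirm the guard is live code placed before the lib-batch.php line, and to review access logs for earlier direct requests to ftpmedia.php, here is an added Python example (not part of the original advisory or of Media Gallery). It assumes Apache common/combined log format; the function names, sample file contents and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Guard condition from the advisory's patch.
GUARD_RE = re.compile(
    r"strpos\s*\(\s*\$_SERVER\[\s*'PHP_SELF'\s*\]\s*,\s*'ftpmedia\.php'\s*\)\s*!==\s*false")
# The line the advisory says the guard must precede.
REQUIRE_RE = re.compile(
    r"require_once\s*\(\s*\$_MG_CONF\['path_html'\]\s*\.\s*'lib-batch\.php'\s*\)")
# Assumption: access log in Apache common/combined format.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def guard_applied(php_source):
    """True if the guard is live code placed before the lib-batch.php require."""
    # Skip whole-line // and # comments: a guard pasted onto the comment's line never runs.
    live = "\n".join(line for line in php_source.splitlines()
                     if not line.lstrip().startswith(("//", "#")))
    guard, req = GUARD_RE.search(live), REQUIRE_RE.search(live)
    return bool(guard and req and guard.start() < req.start())

def direct_requests(log_lines):
    """Return (client, time, method, path, status) for requests naming ftpmedia.php."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        # Decode %xx escapes and ignore case before matching the file name.
        if m and "ftpmedia.php" in unquote(m.group(4)).lower():
            hits.append(m.groups())
    return hits

# Constructed samples (not from the advisory or from real logs).
PATCHED = """<?php
// this file can't be used on its own
if (strpos ($_SERVER['PHP_SELF'], 'ftpmedia.php') !== false) {
    die ('This file can not be used on its own.');
}
require_once($_MG_CONF['path_html'] . 'lib-batch.php');
"""
COMMENTED_OUT = """<?php
// this file can't be used on its own if (strpos ($_SERVER['PHP_SELF'], 'ftpmedia.php') !== false) { die ('x'); }
require_once($_MG_CONF['path_html'] . 'lib-batch.php');
"""
SAMPLE_LOG = [
    '192.0.2.10 - - [15/May/2007:08:01:12 -0400] "GET /mediagallery/index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [15/May/2007:08:02:40 -0400] "GET /mediagallery/maint/ftpmedia.php HTTP/1.0" 200 312',
    '203.0.113.7 - - [15/May/2007:08:02:55 -0400] "GET /mediagallery/maint/FtpMedia%2Ephp HTTP/1.0" 404 208',
]

if __name__ == "__main__":
    print(guard_applied(PATCHED), guard_applied(COMMENTED_OUT))
    for hit in direct_requests(SAMPLE_LOG):
        print(hit)
```

Because the guard calls die() without changing the response code, a direct request to a patched file will typically still be logged with status 200, so the log scan shows who requested the file, not whether the request succeeded.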
For more information on other enhancements and fixes to Media Gallery v1.4.8b, please see www.gllabs.org.
Thanks!
Mark