my_gallery plugin for e107 dload.php file download

mygallery-dload-file-download (41433). The risk level is classified as Low Risk.

Description:

The my_gallery plugin for e107 could allow a remote attacker to download arbitrary files to a victim's system, caused by improper validation by the dload.php script. By persuading a victim to open a specially-crafted .jpg file using the file parameter, an attacker could force the victim to download the file to their system. This file could then be used to launch further attacks against the system.

Platforms Affected:

  • e107, my_gallery plugin for e107 2.3

Remedy:

No remedy available as of August 2, 2008.

Consequences:

Gain Access

References:

  • e107.org Web page, plugins@e107 at http://plugins.e107.org/e107_plugins/psilo/psilo.php?artifact.208.
  • BID-28440: e107 My_Gallery Plugin 'dload.php' Arbitrary File Download Vulnerability
  • CVE-2008-1702: Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information.
  • SA29493: e107 my_gallery Plugin "file" Information Disclosure
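With no remedy listed, one defensive check is to review web server access logs for requests to dload.php whose file parameter carries a full pathname, as the CVE-2008-1702 entry describes. The sketch below is an added example, not code from the advisory or the plugin; the log lines are constructed, `PLUGIN_DIR` is a placeholder for the plugin's install path, and the dot-dot check goes beyond the absolute-path case the page reports.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a common/combined access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Windows drive-letter path such as C:\ or C:/
DRIVE_RE = re.compile(r'^[A-Za-z]:[\\/]')

# Constructed sample entries (documentation IP ranges, placeholder plugin path).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2008:10:00:00 +0000] "GET /PLUGIN_DIR/dload.php?file=images/cat.jpg HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Mar/2008:10:01:00 +0000] "GET /PLUGIN_DIR/dload.php?file=/etc/hosts HTTP/1.1" 200 310',
    '198.51.100.7 - - [25/Mar/2008:10:02:00 +0000] "GET /PLUGIN_DIR/dload.php?file=%252Fetc%252Fhosts HTTP/1.1" 200 310',
    '198.51.100.7 - - [25/Mar/2008:10:03:00 +0000] "GET /PLUGIN_DIR/dload.php?file=C%3A%5Cboot.ini HTTP/1.1" 200 211',
    '198.51.100.7 - - [25/Mar/2008:10:04:00 +0000] "GET /PLUGIN_DIR/dload.php?file=..%2F..%2Fsecret.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [25/Mar/2008:10:05:00 +0000] "GET /index.php?file=/etc/hosts HTTP/1.1" 200 900',
]

def classify_file_param(value):
    """Return a reason string if value looks like a path escape, else None."""
    # Decode repeatedly so double-encoded input (%252F) is also caught.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if value.startswith(("/", "\\")) or DRIVE_RE.match(value):
        return "absolute path"
    if ".." in re.split(r"[\\/]", value):
        return "dot-dot traversal"
    return None

def scan(lines):
    """Return (line_number, reason, file_value) for suspicious dload.php requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/dload.php"):
            continue  # only the script named in the advisory
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            reason = classify_file_param(value)
            if reason:
                findings.append((n, reason, value))
    return findings

if __name__ == "__main__":
    for n, reason, value in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}: file={value!r}")
```

A hit with a 200 status and a response size that does not match any gallery image is the case worth following up first.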

Reported:

Mar 25, 2008

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.