XoopsGallery Module 'init_basic.php' Remote File Include Vulnerability - Security - XOOPS News

XOOPS

News

News World of XOOPS Developers Hacks Themes Archive Submit News

Security: XoopsGallery Module 'init_basic.php' Remote File Include Vulnerability

Posted by: phpppOn 2008/1/11 15:18:07 32416 reads

XoopsGallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

XoopsGallery 1.3.3.9 has been confirmed vulnerable.

we advise you to upgrade to XoopsGallery 2.1+ or inactivate the module immediately until this issue is solved.

Thank SecurityFocus, Eugene Minaev and Northern .

The comments are owned by the author. We aren't responsible for their content.

Re: XoopsGallery Module 'init_basic.php' Remote...

Shine Published 01/12/2008 8:47 Just can't stay away Joined 07/22/2002 Comments 822

Yeah right........ where can the version XoopsGallery 2.1+ be downloaded?
The website xoopsgallery.org isn't reachable anymore.
Again: mentioning advising (!) another version without applying any descend link doesn't work.

Where can this XoopsGallery 2.1+ be downloaded??

Re: XoopsGallery Module 'init_basic.php' Remote...

BlueStocking Published 01/12/2008 16:41 Updated 01/12/2008 19:29 Home away from home Joined 02/16/2007 Comments 1191

Hi Shine,

http://codex.gallery2.org/Main_Page

http://codex.gallery2.org/Gallery2ownload#Packages

http://codex.gallery2.org/Integration
SEE: [XOOPS Download CMS/Portal alpha G2.0(.x) greyhair]

Maybe the link above will help. I am not a module developer so I would not know for certain but it appears XOOPSGallery 2 was designed on this platform, so maybe you or someone will re-xoopsify it.

Sidenote: Beautiful Wiki support.