Security Patch for Module Download Gallery

News

WebsiteBaker 2.13.9 R22 is now available!

R.I.P Dietmar (luisehahne) and thank you for all your valuable work for WB
https://forum.websitebaker.org/index.php/topic,32355.0.html

Support WebsiteBaker

Your donations will help to:

Pay for our dedicated server
Pay for domain registration
and much more!

You can donate by clicking on the button below.

Print

Pages: [1] Go Down

Author Topic: Security Patch for Module Download Gallery (Read 18340 times)

susigross

Guest

Security Patch for Module Download Gallery

« on: September 05, 2009, 01:26:55 PM »

Module:
Download Gallery

Patched Version:
2.20

Download Link:
http://www.websitebakers.com/pages/modules/listings/various/download-gallery-2.php

Risk level:
Low

Risks:
Information disclosure
Data disclosure

Description:

Under certain server configurations, all versions prior to 2.20 did allow directory listings in the /media/download_gallery folder, which could allow downloads of files even from hidden pages.
By modifying a known download link, downloads of files even from hidden pages have been possible in all versions prior to 2.13

Suggestions:
Upgrade to version 2.20 as soon as possible

Forum links:
German: https://forum.WebsiteBaker.org/index.php/topic,12184.0.html
English: https://forum.WebsiteBaker.org/index.php/topic,15149.0.html

Logged

Print

Pages: [1] Go Up

SMF 2.0.19 | SMF © 2017, Simple Machines
XHTML
RSS
WAP2