WebsiteBaker Community Forum

WebsiteBaker => Security Announcements => Topic started by: susigross on September 05, 2009, 01:26:55 PM

Title: Security Patch for Module Download Gallery
Post by: susigross on September 05, 2009, 01:26:55 PM

Module:    
Download Gallery

Patched Version:
2.20

Download Link:
http://www.websitebakers.com/pages/modules/listings/various/download-gallery-2.php

Risk level:
Low

Risks:    
Information disclosure
Data disclosure

Description:    

• Under certain server configurations, all versions prior to 2.20 did allow directory listings in the /media/download_gallery folder, which could allow downloads of files even from hidden pages.
• By modifying a known download link, downloads of files even from hidden pages have been possible in all versions prior to 2.13

Suggestions:
Upgrade to version 2.20 as soon as possible

Forum links:
German: https://forum.WebsiteBaker.org/index.php/topic,12184.0.html
English: https://forum.WebsiteBaker.org/index.php/topic,15149.0.html