Author Topic: Security Patch for Module Download Gallery  (Read 5381 times)

Offline FrankH

  • Posts: 734
  • Gender: Male
    • Website Baker Demos
Security Patch for Module Download Gallery
« on: September 05, 2009, 01:26:55 PM »
Module:    
Download Gallery

Patched Version:
2.20

Download Link:
http://www.websitebakers.com/pages/modules/listings/various/download-gallery-2.php

Risk level:
Low

Risks:    
Information disclosure
Data disclosure

Description:    
  • Under certain server configurations, all versions prior to 2.20 did allow directory listings in the /media/download_gallery folder, which could allow downloads of files even from hidden pages.
  • By modifying a known download link, downloads of files even from hidden pages have been possible in all versions prior to 2.13

Suggestions:
Upgrade to version 2.20 as soon as possible

Forum links:
German: http://www.websitebaker2.org/forum/index.php/topic,12184.0.html
English: http://www.websitebaker2.org/forum/index.php/topic,15149.0.html
Ochs und Esel in ihrem Lauf
halt ich leider auch nicht auf

 

postern-length