Security hole in My_eGallery

peterhou

Verified User
Joined
Dec 9, 2004
Messages
26
Please find /modules/My_eGallery/public/displayCategory.php
At the top of the file,there are:
include ("$basepath/public/imageFunctions.php"); include ("$basepath/includes/fileFunctions.php"); include ("$basepath/includes/treemenu.php");


Please add a line in the top:
$basepath = "modules/My_eGallery";
to:
$basepath = "modules/My_eGallery"; include ("$basepath/public/imageFunctions.php"); include ("$basepath/includes/fileFunctions.php"); include ("$basepath/includes/treemenu.php");

Search your server and find out My_eGallery,tell the user fix this file.(My_eGallery is a CMS module which using in diffirent kinds of CMS).
This hole can let anyone install anything to your server.

Regards
peter
 
Back
Top