ThreatPress

WordPress Vulnerabilities Database

Back

WordPress myGallery Plugin <= 1.4 - Remote File Inclusion

Product
myGallery
Description
Because of this vulnerability in myfunctions/mygallerybrowser.php, the attackers can execute arbitrary PHP code via a URL in the "myPath" parameter.
Solution
Update the WordPress myGallery plugin to the latest available version (at least 1.5).
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2007-2426
Versions
Affected In <= 1.4
Fixed In 1.5
Disclosure date
2007-05-01
Credits
GoLd_M
Submitter
ThreatPress