Browse > Home / Blog article: Photopost vbulletin gallery releases update

Photopost vbulletin gallery releases update

By Brian Turner

January 9, 2008

The developers of Photopost, the popular image gallery addon for vbulletin, have released a new version of Photopost Gallery.

This is due to an exploit that affects all versions of PhotoPost vBGallery prior to 2.4.2 but does not affect PhotoPost Pro, ReviewPost, or PhotoPost Classifieds.

This is due to a new exploit that hackers have created in order to upload and attempt to execute php scripts on a webserver using vBGallery.

The exploit essentially involves uploading a PHP script disguised as an image file, using a filename that contains a “.php.gif”, “php.wmv” or a similar file extension in order to manipulate or trick the Apache webserver into executing the script as a PHP program.

Ultimately, this is a security flaw in the Apache webserver and has the potential to affect any software that handles user file uploads, not just vBGallery, but Photopost have patched vBGallery and released 2.4.2 to prevent this issue from occuring.

Click here to discuss this: Security Forums

Filed Under Internet Security News, Software Security 
Tagged:



Add to Bookmarks:

ADD TO DEL.ICIO.US     ADD TO DIGG     ADD TO FURL

ADD TO STUMBLEUPON     ADD TO YAHOO MYWEB     ADD TO GOOGLE     ADD TO SPURL


Related posts to "Photopost vbulletin gallery releases update":



Comments

Got something to say?





Visited 1807 times, 2 so far today