Summary
This host is installed with WordPress GRAND Flash Album Gallery Plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to read arbitrary files via directory traversal attacks and gain sensitive information via SQL injection attacks.
Impact Level: Application
Solution
Upgrade to version 1.76 or later.
For updates, refer to http://wordpress.org/extend/plugins/flash-album-gallery
Insight
The flaws are due to
- an input validation error in the 'want2Read' parameter of 'wp-content/plugins/flash-album-gallery/admin/news.php', which allows attackers to read arbitrary files via '../' (dot dot) sequences.
- improper validation of user-supplied input passed via the 'pid' parameter of 'wp-content/plugins/flash-album-gallery/lib/hitcounter.php', which allows attackers to manipulate SQL queries by injecting arbitrary SQL code.
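As an added detection example (not part of this advisory or of the plugin), the script below scans Apache access-log lines for requests to the two plugin endpoints named above and flags a '..' component in 'want2Read' and a non-numeric 'pid' value; the log lines, client addresses and file names are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache combined-format lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [25/Mar/2015:10:01:02 +0000] "GET /wp-content/plugins/flash-album-gallery/admin/news.php?want2Read=../../../readme.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.6 - - [25/Mar/2015:10:01:05 +0000] "GET /wp-content/plugins/flash-album-gallery/admin/news.php?want2Read=%252e%252e%252fconfig.ini HTTP/1.1" 200 128 "-" "curl/7.35"
10.0.0.7 - - [25/Mar/2015:10:02:11 +0000] "GET /wp-content/plugins/flash-album-gallery/lib/hitcounter.php?pid=42 HTTP/1.1" 200 10 "-" "Mozilla/5.0"
10.0.0.8 - - [25/Mar/2015:10:02:15 +0000] "GET /wp-content/plugins/flash-album-gallery/lib/hitcounter.php?pid=42%27 HTTP/1.1" 200 10 "-" "Mozilla/5.0"
10.0.0.9 - - [25/Mar/2015:10:03:00 +0000] "GET /wp-content/plugins/flash-album-gallery/admin/news.php?want2Read=news.txt HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

# Endpoint path -> parameter named in the advisory's Insight section.
WATCHED = {
    "/wp-content/plugins/flash-album-gallery/admin/news.php": "want2Read",
    "/wp-content/plugins/flash-album-gallery/lib/hitcounter.php": "pid",
}

def is_traversal(value):
    """True if a '..' path component appears after URL decoding (twice, to catch double encoding)."""
    decoded = unquote(unquote(value)).replace("\\", "/")
    return ".." in decoded.split("/")

def is_suspicious_pid(value):
    """pid should be a numeric id; anything else is treated as an injection attempt."""
    return not unquote(value).isdigit()

def scan(log_text):
    """Return one finding dict per suspicious request to a watched endpoint."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        param = WATCHED.get(url.path)
        if param is None:
            continue
        # parse_qs percent-decodes the values once already
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if param == "want2Read" and is_traversal(value):
                findings.append({"ip": m["ip"], "param": param, "value": value, "kind": "path-traversal"})
            elif param == "pid" and is_suspicious_pid(value):
                findings.append({"ip": m["ip"], "param": param, "value": value, "kind": "sql-injection"})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ip']}: {f['kind']} via {f['param']}={f['value']!r}")
```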
Affected
WordPress GRAND Flash Album Gallery Version 0.55.
References
- http://osvdb.org/show/osvdb/71072
- http://osvdb.org/show/osvdb/71073
- http://secunia.com/advisories/43648/
- http://www.exploit-db.com/exploits/16947/
- http://www.htbridge.ch/advisory/file_content_disclosure_in_grand_flash_album_gallery_wordpress_plugin.html
- http://www.htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html
Updated on 2015-03-25