Release date:
Updated on:
Affected Systems:
WordPress GRAND Flash Album Gallery
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56236
GRAND Flash Album Gallery for WordPress is a plug-in for managing image libraries, video libraries, recording sets, and Ad loop systems.
GRAND Flash Album Gallery has multiple security vulnerabilities, including SQL injection, directory traversal, and Arbitrary File Overwrite vulnerabilities, after successful exploitation, attackers can overwrite arbitrary files on the affected computer, control applications, leak or delete sensitive information, access or modify data, and exploit vulnerabilities in other lower-layer databases.
<* Source: Janek Vind "waraxe" (come2waraxe@yahoo.com)
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://wordpress.org/extend/plugins/flash-album-gallery/