Secunia Research: InterPhoto Gallery "file" Directory Traversal Vulnerability

====================================================================== 

                     Secunia Research 18/08/2010

   - InterPhoto Gallery "file" Directory Traversal Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* InterPhoto Gallery 2.4.0 (downloaded 2010-07-12)

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately critical
Impact: Information Disclosure
Where:  From remote

====================================================================== 
3) Vendor's Description of Software 

"InterPhoto Image Gallery is an open-source, simple-using, advanced,
professional multi-users' image website System, and it can primely
protect the images of your site. InterPhoto can be used to build all
kinds of sites which lay out images mainly, such as: design, fashion,
exhibition, photograph, painting sites and so on.".

Product Link:
http://www.weensoft.com/forum/thread-38-1-1.html

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in InterPhoto Gallery,
which can be exploited by malicious people to disclose sensitive
information.

Input passed via the "file" parameter to InterPhoto.thumbnail.php is 
not properly sanitised before being used. This can be exploited to 
disclose the content of arbitrary files by passing a specially crafted
string, including directory traversal sequences.

====================================================================== 
5) Solution 

Update to an updated version 2.4.0 (2010-07-13).

====================================================================== 
6) Time Table 

12/07/2010 - Vendor notified.
13/07/2010 - Vendor response.
28/07/2010 - Sent status request.
04/08/2010 - Sent status request.
18/08/2010 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has not 
currently assigned a CVE identifier for the vulnerability.

====================================================================== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-94/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================