Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Gallery Install Log Information Disclosure Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for Gallery install log

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is prone to an
information disclosure issue.

Description :

The remote host is running Gallery, a web-based photo album
application written in PHP.

The installation of Gallery on the remote host places its data
directory under the web server's data directory and makes its install
log available to anyone. Using a simple GET request, a remote
attacker can retrieve this log and discover sensitive information
about the affected application and host, including installation paths,
the admin password hash, etc.

See also :

Solution :

Move the gallery data directory outside the web server's document root
or remove the file 'install.log' in that directory.

Threat Level:

Low / CVSS Base Score : 2.3

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.