CVE-2009-4614

Name of the Vulnerable Software and Affected Versions Moa Gallery versions 1.2.0 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the MOA PATH parameter to various PHP files, including (1) error funcs.php, (2) integrity funcs.php, (3) template component admin.php, (4) template component gallery.php, (5) template parser.php, (6) mod gallery funcs.php, (7) mod image funcs.php, (8) mod tag funcs.php, (9) mod tag view.php, (10) mod upgrade funcs.php, (11) mod user funcs.php, (12) page admin.php, (13) page gallery add.php, (14) page gallery view.php, (15) page image add.php, (16) page image view full.php, (17) page login.php, and (18) page sitemap.php in the sources/ directory.

Recommendations For Moa Gallery versions 1.2.0 and earlier, consider disabling the MOA PATH parameter to prevent remote file inclusion attacks until a patch is available. Restrict access to the affected PHP files in the sources/ directory to minimize the risk of exploitation. Avoid using the MOA PATH parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.