DM Albums™ Download Vulnerability December 14th, 2009
DM Albums™ suffer from an potential vulnerability which allows download of any files from publicly accessible pages.
Update: This is resolved in version 2.4.
Tags: Closed, Priority 4, Severity 4 Posted in DM Albums, Defect, Exploit | 2 Comments »
2 Responses to “DM Albums™ Download Vulnerability”
Proposed Solution: Sanitize just like album_delete and only allow downloads of image filetypes supported by DM Albums and only from within the album being viewed.
[...] security update the resolves the download vulnerability documented here. Thanks to the team at nDarkness.com for their continued efforts in making our products more [...]
Leave a Comment
Name (required)
Mail (will not be published) (required)
Website
Copyright © 1995 - 2010 Productions. All rights reserved.
