Security Notice: 1 Flash Gallery Plugin Vulnerability

  • September 11, 2011

A vulnerability in the popular third-party plugin, 1 Flash Gallery, has been identified by multiple independent sources. The vulnerability allows attackers to perform an arbitrary file upload (usually a malicious PHP script or the like), which can then be used to perform various undesirable actions from the victim’s server (typically serving as a spam email relay). An attack string looks something like this:

/wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&

The problem occurs because the plugin fails to perform adequate validation checks on files specified for upload (it should only allow images). The vulnerability is present in versions 1.30 through 1.5.7. Version 1.5.8 is available from the Official WordPress Plugin Directory. Immediate update is recommended. If this is not possible, you may want to consider removing or otherwise thoroughly disabling the plugin until you can address the issue.

Users may also wish to review their server access logs for a string resembling the one above as well as any unusual activity (the mail log is a good place to check for subsequent exploits).
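One way to run the access-log review described above, as an added example that is not part of the original notice: it assumes the Apache/nginx combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Path of the plugin's upload endpoint, taken from the notice above.
PLUGIN_PATH = "/wp-content/plugins/1-flash-gallery/upload.php"

# Assumed combined log format: ip - user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_upload_hits(lines):
    """Return one dict per logged request that reached the plugin's upload.php."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["target"])
        # Normalise case and doubled slashes; endswith() also covers
        # WordPress installed in a subdirectory such as /blog/.
        path = re.sub(r"/{2,}", "/", url.path).lower()
        if not path.endswith(PLUGIN_PATH):
            continue
        action = parse_qs(url.query).get("action", [""])[0].lower()
        hits.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                     "status": int(m["status"]),
                     "uploadify": action == "uploadify"})
    return hits

def summarize(hits):
    """Group hits by client IP; 2xx POSTs are the ones to investigate first."""
    by_ip = defaultdict(lambda: {"requests": 0, "accepted_posts": 0})
    for h in hits:
        by_ip[h["ip"]]["requests"] += 1
        if h["method"] == "POST" and 200 <= h["status"] < 300:
            by_ip[h["ip"]]["accepted_posts"] += 1
    return dict(by_ip)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Sep/2011:04:12:31 +0000] "POST /wp-content/plugins/1-flash-gallery/upload.php?action=uploadify& HTTP/1.1" 200 27 "-" "-"',
    '198.51.100.23 - - [10/Sep/2011:04:13:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.44 - - [10/Sep/2011:05:40:10 +0000] "GET /blog//wp-content/plugins/1-flash-gallery/upload.php HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for ip, counts in summarize(find_upload_hits(SAMPLE)).items():
        print(ip, counts)
```

The timestamps of any accepted POSTs give a starting point for checking the uploads directory and the mail log for later activity.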

Need help with your WordPress site?  Contact us for our professional services.  We can also provide support & expertise in convenient “blocks” to suit your short and long term needs.

 

I'm the front-man of It's WordPress. I come from a diverse array of backgrounds, enjoying the opportunity to expand my knowledge base and skill set by re-inventing myself. I enjoy environments that focus on emerging information, technology and concepts. I put on the technical hat in my early 20s and never really looked back. I love technology and the internet, as well as the outdoors, and avidly hike, kayak and camp every chance I get.

3 Comments
  1. Reply

    Thanks for the comment, Mitschelen30. We exclusively use WordPress in our projects. It is a great platform with an amazingly talented and giving user community.

    • Marina
    • September 18, 2011
    Reply

    You have a really interesting blog, keep up posting such informative posts!

    • Mitschelen30
    • September 14, 2011
    Reply

    Great blog, did you use wordpress or blogengine? I made a few blogs myself 🙂 It takes time but it is worth it!

 
