Security Vulnerability Fixed

Posted on Sunday, April 15, 2007

Users have reported a security vulnerability in Pixaria that can be exploited when PHP's register_globals setting is turned on.

My current advice is for everyone to upgrade to the newly released version 1.4.3 or, if that's not possible, to install this patched file, class.Smarty.php.zip, into resources/includes on your current installation.

For reference, the Pixaria installation documentation has been updated with information on how to prevent malicious access to Pixaria's 'include' and 'libraries' scripts. This is easily prevented by creating a text file called .htaccess with the following text in it:


Order Deny,Allow 
Deny from all 

This file should then be uploaded to:

- /resources/incoming/
- /resources/library/
- /resources/includes/
- /resources/pixies/
- /resources/smarty/

To test whether this is working on your site, browse to these directories using your web browser like this:

http://www.mysite.com/pixaria/resources/includes/

You should get an error message and an access-denied warning.
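
The upload and test steps above as a script, added here as an example and not part of Pixaria's own documentation. It requests a file inside each directory rather than the directory itself, because a bare directory request can return 403 simply because directory listing is off. The function names, the `deny-check.txt` canary file and the root and base-URL arguments are assumptions.

```shell
#!/bin/sh
# Directories named in the post; CANARY is a hypothetical harmless probe file.
PROTECTED_DIRS="resources/incoming resources/library resources/includes resources/pixies resources/smarty"
CANARY="deny-check.txt"

# Write the post's .htaccess (plus the canary) into each directory under the
# Pixaria root given as $1. Returns 1 if any expected directory is missing.
deploy_htaccess() {
    missing=0
    for d in $PROTECTED_DIRS; do
        if [ -d "$1/$d" ]; then
            printf 'Order Deny,Allow\nDeny from all\n' > "$1/$d/.htaccess"
            echo "canary" > "$1/$d/$CANARY"
        else
            echo "missing directory: $1/$d" >&2
            missing=1
        fi
    done
    return $missing
}

# Map the HTTP status of a canary request to a verdict.
classify_status() {
    case $1 in
        403) echo denied ;;      # the deny rule is being enforced
        200) echo exposed ;;     # .htaccess not applied (e.g. AllowOverride None)
        500) echo rejected ;;    # Apache refused the directives (e.g. 2.4 without mod_access_compat)
        404) echo not-found ;;   # wrong base URL or canary not deployed
        *)   echo unknown ;;
    esac
}

# Fetch only the HTTP status code for the URL in $1; needs curl.
fetch_status() {
    curl -s -o /dev/null -w '%{http_code}' "$1"
}

# Probe the canary in every protected directory under the base URL in $1.
# Prints one line per directory; returns 1 unless every probe is denied.
check_site() {
    rc=0
    for d in $PROTECTED_DIRS; do
        code=$(fetch_status "$1/$d/$CANARY") || code=000
        verdict=$(classify_status "$code")
        echo "$1/$d/ $code $verdict"
        [ "$verdict" = denied ] || rc=1
    done
    return $rc
}
```

Run `deploy_htaccess` against the installation directory, then `check_site http://www.mysite.com/pixaria`, and delete the canary files once every directory reports `denied`.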

