Users have reported a security vulnerability in Pixaria which can be exploited if PHP's register_globals variable is turned on.
My current advice is for everyone to upgrade to the newly released version 1.4.3 or if that's not possible, to install this patched file: class.Smarty.php.zip into resources/includes on your current installation.
For reference, the installation documentation of Pixaria has been updated with information on how to prevent malicious access to Pixaria's 'include' and 'libraries' scripts as this can easily be prevented by creating a text file called .htaccess with the following text in it:
Order Deny,Allow
Deny from all This file should then be uploaded to:
-/resources/incoming/
-/resources/library/
-/resources/includes/
-/resources/pixies/
-/resources/smarty/
To test whether this is working on your site, browse to these directories using your web browser like this:
http://www.mysite.com/pixaria/resources/includes/
You should get an error message and access denied warning.
Pixaria Gallery 4.0.5
Friday, May 10, 2013
Pixaria Gallery 4.0.4
Monday, April 29, 2013
Pix Update
Thursday, February 28, 2013
Pixaria Gallery 4.0.2
Thursday, October 11, 2012
Important Update!
Wednesday, October 3, 2012
Website Comment
Tuesday, October 2, 2012
Pixaria Gallery 4.0 Demo
Friday, September 28, 2012
50% Discount
Friday, September 28, 2012
Pixaria Support
Wednesday, September 26, 2012
Support Tickets
Wednesday, September 26, 2012