Rule: -- Sid: -- Summary: This event is generated when an attempt is made to exploit a known vulnerability in the PHP web application Gallery running on a server. -- Impact: Possible execution of arbitrary code. -- Detailed Information: This event is generated when an attempt is made to include script when accessing the file index.php for the PHP application Gallery. This application fails to properly check the source of an included file in the script index.php. As a result an attacker is presented with the opportunity to execute code of their choosing with the privileges of the user running the web server. -- Affected Systems: All systems running the PHP application Calerndar. -- Attack Scenarios: An attacker can include code of their choosing by supplying a URI to their script as a parameter to the HTTP GET request. -- Ease of Attack: Simple. No exploit required. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied. -- Contributors: Sourcefire Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: --