Log4j, wjhk.jupload.jar
Posted: 15 Dec 2021, 01:45
Hello,
Is Phoca Gallery for Joomla vulnerable to the Log4j exploit?
thanks,
JC
Is Phoca Gallery for Joomla vulnerable to the Log4j exploit?
thanks,
JC
Hi,
Log4j is a part of Apache server.
The Java upload feauture which was a part of Phoca Gallery worked on PC (where it resized the images before upload), it was not working on server but on users's PC (and there were plenty of security limits to run it). In fact, because of security limits it is not used anymore (PC just didn't run it without many exceptions done). Since version 4.5 the file is even not a part of Phoca Gallery.
Jan