6.4

CVE-2006-1128

Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gallery ProjectGallery Version2.0
Gallery ProjectGallery Version2.0.1
Gallery ProjectGallery Version2.0.2
Gallery ProjectGallery Version2.0_alpha
Gallery ProjectGallery Version2.0_alpha1
Gallery ProjectGallery Version2.0_alpha2
Gallery ProjectGallery Version2.0_alpha3
Gallery ProjectGallery Version2.0_alpha4
Gallery ProjectGallery Version2.0_beta1
Gallery ProjectGallery Version2.0_beta2
Gallery ProjectGallery Version2.0_beta3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.92% 0.89
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html
http://gallery.menalto.com/gallery_2.0.3_released
http://secunia.com/advisories/19104
Patch
Vendor Advisory
http://securitytracker.com/id?1015717
Patch
http://www.gulftech.org/?node=research&article_id=00106-03022006
http://www.vupen.com/english/advisories/2006/0813
http://www.osvdb.org/23597
http://www.securityfocus.com/bid/16948
https://exchange.xforce.ibmcloud.com/vulnerabilities/25118