7.5

CVE-2013-2240

Exploit
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MenaltoGallery Version3.0
MenaltoGallery Version3.0.1
MenaltoGallery Version3.0.2
MenaltoGallery Version3.0.3
MenaltoGallery Version3.0.4
MenaltoGallery Version3.0.5
MenaltoGallery Version3.0.6
MenaltoGallery Version3.0.7
MenaltoGallery Version3.0.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.71% 0.743
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://galleryproject.org/gallery_3_0_9
http://sourceforge.net/apps/trac/gallery/ticket/2073
http://www.openwall.com/lists/oss-security/2013/07/04/11
https://bugzilla.redhat.com/show_bug.cgi?id=981197
Patch
https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733
Patch
Exploit