5

CVE-2013-2241

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MenaltoGallery Version <= 3.0.8
MenaltoGallery Version3.0
MenaltoGallery Version3.0 Updatebeta1
MenaltoGallery Version3.0 Updatebeta2
MenaltoGallery Version3.0 Updatebeta3
MenaltoGallery Version3.0 Updaterc1
MenaltoGallery Version3.0 Updaterc2
MenaltoGallery Version3.0.1
MenaltoGallery Version3.0.2
MenaltoGallery Version3.0.3
MenaltoGallery Version3.0.4
MenaltoGallery Version3.0.5
MenaltoGallery Version3.0.6
MenaltoGallery Version3.0.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.57% 0.721
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://galleryproject.org/gallery_3_0_9
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/07/04/11
http://sourceforge.net/apps/trac/gallery/ticket/2074
http://www.openwall.com/lists/oss-security/2013/07/05/3
https://bugzilla.redhat.com/show_bug.cgi?id=981198
https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed