CVE-2008-4129
Published Sep 18, 2008
Last updated 7 years ago
Overview
- Description
- Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F63EDF9A-1818-41D4-96EF-DFF61994C27F", "versionEndIncluding": "2.2.5" },
          { "criteria": "cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD2DDED-A01D-4026-B8C3-0DA916466D1C" },
          { "criteria": "cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D400C30B-BD93-4419-BEC2-24A470F5E473" },
          { "criteria": "cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8180C4E9-EFC9-438C-AAAF-B09B838CA17E" },
          { "criteria": "cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2ED9F1B-D3BD-42BA-8300-6A719A577F7F" },
          { "criteria": "cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A821D29-75FA-4A6D-BE1A-D11906FA188D" }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2630CD9-31D8-4E24-B518-03D94B3383B9", "versionEndIncluding": "1.5.8" }
        ],
        "operator": "OR"
      }
    ]
  }
]