CVE-2010-4353
Published Jan 25, 2011
Last updated 7 years ago
Overview
- Description
- Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Vendor comments
- menaltoThis vulnerability is limited to versions of Gallery 3 including Gallery 3 betas and Gallery 3.0. No versions of Gallery 1 or Gallery 2 are affected.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:menalto:gallery:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0E7A0A3-0A92-441A-89DE-102FC0A07549",
"versionEndIncluding": "2.2.6"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:1.5.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5CA96DC5-B3F3-42DD-801E-8B66D8065578"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE18E8EE-3B84-4A22-9D3C-EEE8AE793D85"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:1.6:alpha3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11DBDE20-1391-4E46-B659-31FAE4300987"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58BB4D3A-34F4-458B-9FB6-28D3B1156A53"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1CD9940F-71D9-4AA5-B4C8-C464E371B982"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91B47B68-3C6B-4B49-87E4-35489CCAC050"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5373C47-DC8D-4DD9-B15E-707B79478928"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B86E3F23-A7E4-4BF1-AF08-84091490A530"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E64F4ECB-55CA-4B50-A23E-1C91217AD77F"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9E6E813-512A-43DD-AD45-0888F625BD6C"
},
{
"criteria": "cpe:2.3:a:menalto:gallery:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78D73880-557C-40F6-8229-BE560321835E"
}
],
"operator": "OR"
}
]
}
]