Vulnerability Details CVE-2013-2241
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://galleryproject.org/gallery_3_0_9
- http://sourceforge.net/apps/trac/gallery/ticket/2074
- http://www.openwall.com/lists/oss-security/2013/07/04/11
- http://www.openwall.com/lists/oss-security/2013/07/05/3
- https://bugzilla.redhat.com/show_bug.cgi?id=981198
- https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed
- http://galleryproject.org/gallery_3_0_9
- http://sourceforge.net/apps/trac/gallery/ticket/2074
- http://www.openwall.com/lists/oss-security/2013/07/04/11
- http://www.openwall.com/lists/oss-security/2013/07/05/3
- https://bugzilla.redhat.com/show_bug.cgi?id=981198
- https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed
Products affected by CVE-2013-2241
-
cpe:2.3:a:menalto:gallery:1.5.7
-
cpe:2.3:a:menalto:gallery:1.6
-
cpe:2.3:a:menalto:gallery:2.1
-
cpe:2.3:a:menalto:gallery:2.1.1
-
cpe:2.3:a:menalto:gallery:2.1.2
-
cpe:2.3:a:menalto:gallery:2.2.0
-
cpe:2.3:a:menalto:gallery:2.2.1
-
cpe:2.3:a:menalto:gallery:2.2.2
-
cpe:2.3:a:menalto:gallery:2.2.3
-
cpe:2.3:a:menalto:gallery:2.2.4
-
cpe:2.3:a:menalto:gallery:2.2.6
-
cpe:2.3:a:menalto:gallery:3.0
-
cpe:2.3:a:menalto:gallery:3.0.1
-
cpe:2.3:a:menalto:gallery:3.0.2
-
cpe:2.3:a:menalto:gallery:3.0.3
-
cpe:2.3:a:menalto:gallery:3.0.4
-
cpe:2.3:a:menalto:gallery:3.0.5
-
cpe:2.3:a:menalto:gallery:3.0.6
-
cpe:2.3:a:menalto:gallery:3.0.7
-
cpe:2.3:a:menalto:gallery:3.0.8