Описание
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:menalto:gallery:2.1:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:2.2.4:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00287
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
больше 17 лет назад
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.
debian
больше 17 лет назад
Menalto Gallery before 2.2.5 does not enforce permissions for non-albu ...
github
больше 3 лет назад
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.
EPSS
Процентиль: 52%
0.00287
Низкий
5 Medium
CVSS2
Дефекты
CWE-264