CVE-2010-4353

Опубликовано: 25 янв. 2011

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Ссылки

http://gallery.menalto.com/gallery_3.0.1_released
Patch
Vendor Advisory
http://osvdb.org/70628
http://secunia.com/advisories/43028
Vendor Advisory
http://www.securityfocus.com/bid/45964
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/64870
http://gallery.menalto.com/gallery_3.0.1_released
Patch
Vendor Advisory
http://osvdb.org/70628
http://secunia.com/advisories/43028
Vendor Advisory
http://www.securityfocus.com/bid/45964
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/64870

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:menalto:gallery:*:*:*:*:*:*:*:*

Версия до 2.2.6 (включая)

cpe:2.3:a:menalto:gallery:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:1.6:*:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:1.6:alpha3:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:2.1:*:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:menalto:gallery:2.2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01187

Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2010-4353

ubuntu

почти 15 лет назад

CVE-2010-4353

debian

почти 15 лет назад

Unrestricted file upload vulnerability in modules/gallery/models/item. ...

GHSA-g6wr-xh7r-qh7r

github

больше 3 лет назад

EPSS

Процентиль: 78%

0.01187

Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other