Описание
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.8 (включая)
Одно из
cpe:2.3:a:menalto:gallery:*:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0:beta3:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:menalto:gallery:3.0.7:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00379
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
debian
больше 12 лет назад
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows ...
github
больше 3 лет назад
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.
EPSS
Процентиль: 59%
0.00379
Низкий
5 Medium
CVSS2
Дефекты
CWE-264