Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| menalto | gallery | 1.5.7 |
| menalto | gallery | 2.2.0 |
| menalto | gallery | * |
| menalto | gallery | 1.6 |
| menalto | gallery | 2.1.1 |
| menalto | gallery | 2.2.1 |
| menalto | gallery | 2.2.4 |
| menalto | gallery | 2.1 |
| menalto | gallery | 2.1.2 |
| menalto | gallery | 2.2.2 |
| menalto | gallery | 2.2.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| menalto | gallery | 2.2.6 |
| maian | gallery | 3.0.2 |
| maian | gallery | 2.3.1 |
| maian | gallery | 3.0 |
| maian | gallery | 3.0.1 |
| maian | gallery | 2.3 |
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| menalto | gallery | 2.2.6 |
| maian | gallery | 3.0.2 |
| maian | gallery | 2.3.1 |
| maian | gallery | 3.0 |
| maian | gallery | 3.0.1 |
| maian | gallery | 2.3 |
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| menalto | gallery | 3.0 |
| menalto | gallery | 3.0.4 |
| menalto | gallery | * |
| menalto | gallery | 3.0.3 |
| menalto | gallery | 3.0.2 |
| menalto | gallery | 3.0.5 |
| menalto | gallery | 3.0.6 |
| menalto | gallery | 3.0.1 |
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| menalto | gallery | 3.0.7 |
| menalto | gallery | 3.0 |
| menalto | gallery | 3.0.8 |
| menalto | gallery | 3.0.4 |
| menalto | gallery | 3.0.3 |
| menalto | gallery | 3.0.2 |
| menalto | gallery | 3.0.5 |
| menalto | gallery | 3.0.6 |
| menalto | gallery | 3.0.1 |
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| menalto | gallery | 3.0.7 |
| menalto | gallery | 3.0 |
| menalto | gallery | 3.0.4 |
| menalto | gallery | * |
| menalto | gallery | 3.0.3 |
| menalto | gallery | 3.0.2 |
| menalto | gallery | 3.0.5 |
| menalto | gallery | 3.0.6 |
| menalto | gallery | 3.0.1 |