CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
86.5%
Michael Dipper wrote:
A vulnerability has been discovered in gallery,
which allows remote users unauthorized access to files
on the webserver.
A remote user accessing gallery over the web may use
specially crafted HTTP parameters to access arbitrary
files located on the webserver. All files readable by
the webserver process are subject to disclosure.
The vulnerability is not restricted to the webserver’s
document root but extends to the whole server file space.
The vulnerability may be used by any anonymous user,
there is no login to the application required.