Cross site request forgery (csrf)

2012-08-1010:34:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.8%

JSON

The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.

CPENameOperatorVersion
com_rsgallery2le3.1.0
com_rsgallery2eq1.9.0-4 alpha
com_rsgallery2eq1.9.4 alpha
com_rsgallery2eq1.9.5 alpha
com_rsgallery2eq1.10.1 alpha
com_rsgallery2eq1.10.2 alpha
com_rsgallery2eq1.10.5 alpha
com_rsgallery2eq1.10.6 alpha
com_rsgallery2eq1.10.7 alpha
com_rsgallery2eq1.10.8 alpha

Name	Operator	Version
com_rsgallery2	le	3.1.0
com_rsgallery2	eq	1.9.0-4 alpha
com_rsgallery2	eq	1.9.4 alpha
com_rsgallery2	eq	1.9.5 alpha
com_rsgallery2	eq	1.10.1 alpha
com_rsgallery2	eq	1.10.2 alpha
com_rsgallery2	eq	1.10.5 alpha
com_rsgallery2	eq	1.10.6 alpha
com_rsgallery2	eq	1.10.7 alpha
com_rsgallery2	eq	1.10.8 alpha

Rows per page:

1-10 of 371

References

extensions.joomla.org/extensions/photos-a-images/photo-gallery/142

joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip

joomlacode.org/gf/project/rsgallery2/news/

www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html