Gallery@2.1 Security Vulnerabilities and Issues — Gallery@2.1 CVE List

Lucene search

MenaltoGallery2.1

6 matches found

CVE•added 2008/06/16 11:41 p.m.•51 views

CVE-2008-2722

Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.

7.5CVSS6.4AI score0.00361EPSS

CVE•added 2008/06/16 11:41 p.m.•38 views

CVE-2008-2720

Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL.

4.3CVSS5.5AI score0.00475EPSS

CVE•added 2008/06/16 11:41 p.m.•38 views

CVE-2008-2721

Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album.

5CVSS6.2AI score0.00516EPSS

CVE•added 2008/06/16 11:41 p.m.•30 views

CVE-2008-2723

embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."

5CVSS6.2AI score0.00516EPSS

CVE•added 2008/06/16 11:41 p.m.•30 views

CVE-2008-2724

Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.

5CVSS6.6AI score0.00287EPSS

CVE•added 2011/01/25 1:0 a.m.•27 views

CVE-2010-4353

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file i...

6CVSS7.6AI score0.01187EPSS