Lucene search

Ubuntu.comUB:CVE-2010-4353

HistoryJan 25, 2011 - 12:00 a.m.

CVE-2010-4353

2011-01-2500:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS

0.008

Percentile

81.6%

JSON

Unrestricted file upload vulnerability in modules/gallery/models/item.php
in Menalto Gallery before 3.0 and beta allows remote authenticated users
with upload permissions to execute arbitrary code by uploading a file with
an executable extension, then accessing it via a direct request to the file
in an unspecified directory.

References

launchpad.net/bugs/cve/CVE-2010-4353

nvd.nist.gov/vuln/detail/CVE-2010-4353

security-tracker.debian.org/tracker/CVE-2010-4353

www.cve.org/CVERecord?id=CVE-2010-4353

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS

0.008

Percentile

81.6%

JSON

Related for UB:CVE-2010-4353