Vulnerabilities > CVE-2010-4353 - Unspecified vulnerability in Menalto Gallery

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

menalto

NVD

Published: 2011-01-25

Updated: 2017-08-17

Summary

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Vulnerable Configurations

Part	Description	Count
Application	Menalto Menalto Gallery 1.5.7 Menalto Gallery 1.6 Menalto Gallery 2.1 Menalto Gallery 2.1.1 Menalto Gallery 2.1.2 Menalto Gallery 2.2.0 Menalto Gallery 2.2.1 Menalto Gallery 2.2.2 Menalto Gallery 2.2.3 Menalto Gallery 2.2.4 Menalto Gallery 2.2.6	12

Statements

contributor	menalto
lastmodified	2011-03-07
organization	menalto
statement	This vulnerability is limited to versions of Gallery 3 including Gallery 3 betas and Gallery 3.0. No versions of Gallery 1 or Gallery 2 are affected.

Summary

Vulnerable Configurations

Statements

References