CVE-2010-4353

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
menaltogallery
𝑥
≤ 2.2.6
menaltogallery
1.5.7
menaltogallery
1.6
menaltogallery
1.6:alpha3
menaltogallery
2.1
menaltogallery
2.1.1
menaltogallery
2.1.2
menaltogallery
2.2.0
menaltogallery
2.2.1
menaltogallery
2.2.2
menaltogallery
2.2.3
menaltogallery
2.2.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gallery
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
not-affected
dapper
not-affected
gallery2
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
not-affected
dapper
not-affected
References
http://gallery.menalto.com/gallery_3.0.1_released
http://osvdb.org/70628
http://secunia.com/advisories/43028
http://www.securityfocus.com/bid/45964
https://exchange.xforce.ibmcloud.com/vulnerabilities/64870
http://gallery.menalto.com/gallery_3.0.1_released
http://osvdb.org/70628
http://secunia.com/advisories/43028
http://www.securityfocus.com/bid/45964
https://exchange.xforce.ibmcloud.com/vulnerabilities/64870