CVE-2013-2241

EUVD-2013-2192
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
menaltogallery
𝑥
≤ 3.0.8
menaltogallery
3.0
menaltogallery
3.0:beta1
menaltogallery
3.0:beta2
menaltogallery
3.0:beta3
menaltogallery
3.0:rc1
menaltogallery
3.0:rc2
menaltogallery
3.0.1
menaltogallery
3.0.2
menaltogallery
3.0.3
menaltogallery
3.0.4
menaltogallery
3.0.5
menaltogallery
3.0.6
menaltogallery
3.0.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://galleryproject.org/gallery_3_0_9
http://sourceforge.net/apps/trac/gallery/ticket/2074
http://www.openwall.com/lists/oss-security/2013/07/04/11
http://www.openwall.com/lists/oss-security/2013/07/05/3
https://bugzilla.redhat.com/show_bug.cgi?id=981198
https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed
http://galleryproject.org/gallery_3_0_9
http://sourceforge.net/apps/trac/gallery/ticket/2074
http://www.openwall.com/lists/oss-security/2013/07/04/11
http://www.openwall.com/lists/oss-security/2013/07/05/3
https://bugzilla.redhat.com/show_bug.cgi?id=981198
https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed