Vulnerability Details CVE-2010-4353
Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.9%
CVSS Severity
CVSS v2 Score 6.0
References
- http://gallery.menalto.com/gallery_3.0.1_released
- http://osvdb.org/70628
- http://secunia.com/advisories/43028
- http://www.securityfocus.com/bid/45964
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64870
- http://gallery.menalto.com/gallery_3.0.1_released
- http://osvdb.org/70628
- http://secunia.com/advisories/43028
- http://www.securityfocus.com/bid/45964
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64870
Products affected by CVE-2010-4353
-
cpe:2.3:a:menalto:gallery:1.5.7
-
cpe:2.3:a:menalto:gallery:1.6
-
cpe:2.3:a:menalto:gallery:2.1
-
cpe:2.3:a:menalto:gallery:2.1.1
-
cpe:2.3:a:menalto:gallery:2.1.2
-
cpe:2.3:a:menalto:gallery:2.2.0
-
cpe:2.3:a:menalto:gallery:2.2.1
-
cpe:2.3:a:menalto:gallery:2.2.2
-
cpe:2.3:a:menalto:gallery:2.2.3
-
cpe:2.3:a:menalto:gallery:2.2.4
-
cpe:2.3:a:menalto:gallery:2.2.6