← Back

CVE-2010-4353

nvd nist
Published: Jan 25, 2011Modified: Apr 29, 2026

JSON object

Loading...
6.0
Vector
AV:N/AC:M/Au:S/C:P/I:P/A:P
Exploitability: 6.8 / Impact: 6.4
Source: NVD

Description

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Affected (12)

Products: Menalto: Gallery
Menalto
1 product
Gallery
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Menalto
Gallery
Up to 2.2.6
Gallery
Version 1.5.7
Gallery
Version 1.6
Gallery
Version 1.6 alpha3
Gallery
Version 2.1.1
Gallery
Version 2.1.2
Gallery
Version 2.1
Gallery
Version 2.2.0
Gallery
Version 2.2.1
Gallery
Version 2.2.2
Gallery
Version 2.2.3
Gallery
Version 2.2.4

References (10)

Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.