CVE-2013-2240

Published: Oct 10, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138.

Affected (9)

Products: Menalto: Gallery

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Menalto Gallery	Version 3.0.1
Menalto Gallery	Version 3.0.2
Menalto Gallery	Version 3.0.3
Menalto Gallery	Version 3.0.4
Menalto Gallery	Version 3.0.5
Menalto Gallery	Version 3.0.6
Menalto Gallery	Version 3.0.7
Menalto Gallery	Version 3.0.8
Menalto Gallery	Version 3.0

References (10)

http://galleryproject.org/gallery_3_0_9

Source: secalert@redhat.com

http://sourceforge.net/apps/trac/gallery/ticket/2073

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/07/04/11

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=981197

Source: secalert@redhat.com

Patch

https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733

Source: secalert@redhat.com

ExploitPatch

http://galleryproject.org/gallery_3_0_9

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/apps/trac/gallery/ticket/2073

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/07/04/11

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=981197

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.