← Back

CVE-2013-2241

nvd nist
Published: Oct 10, 2013Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.

Affected (14)

Products: Menalto: Gallery
Menalto
1 product
Gallery
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Menalto
Gallery
Up to 3.0.8
Gallery
Version 3.0.1
Gallery
Version 3.0.2
Gallery
Version 3.0.3
Gallery
Version 3.0.4
Gallery
Version 3.0.5
Gallery
Version 3.0.6
Gallery
Version 3.0.7
Gallery
Version 3.0
Gallery
Version 3.0 beta1
Gallery
Version 3.0 beta2
Gallery
Version 3.0 beta3
Gallery
Version 3.0 rc1
Gallery
Version 3.0 rc2

Related CWEs

CWE-264
CWE-264

References (12)

Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.