CVE-2006-1128

Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0_alpha:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-03-09 22:02

Updated : 2024-02-28 10:42


NVD link : CVE-2006-1128

Mitre link : CVE-2006-1128

CVE.ORG link : CVE-2006-1128


JSON object : View

Products Affected

gallery_project

  • gallery