Directory traversal vulnerability in Gallery 2.0.3 and previous versions, and 2.1 before RC-2a, allows remote malicious users to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gallery project gallery 2.0.3 |
||
gallery project gallery 2.0_alpha |
||
gallery project gallery 2.0_beta3 |
||
gallery project gallery 2.1_rc1 |
||
gallery project gallery 2.0 |
||
gallery project gallery 2.0_alpha3 |
||
gallery project gallery 2.0_alpha4 |
||
gallery project gallery 2.0_alpha1 |
||
gallery project gallery 2.0_alpha2 |
||
gallery project gallery 2.1_rc2 |
||
gallery project gallery 2.0.1 |
||
gallery project gallery 2.0.2 |
||
gallery project gallery 2.0_beta1 |
||
gallery project gallery 2.0_beta2 |