Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-3600

Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.

  • Published: Aug 12, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-3600
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
menalto / gallery 1.6-alpha3 1.6-alpha3.x
menalto / gallery 1.5.7 1.5.7.x