Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-4129

Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

  • Published: Sep 18, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-4129
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
gallery / gallery 2.2.0 2.2.0.x
gallery / gallery 2.2.3 2.2.3.x
gallery / gallery 2.2.2 2.2.2.x
gallery / gallery 2.2.4 2.2.4.x
gallery / gallery - 2.2.5.x
gallery / gallery 2.2.1 2.2.1.x
gallery / gallery - 1.5.8.x