OpenCVE

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Menalto	Gallery

Configuration 1 [-]

OR	cpe:2.3:a:menalto:gallery::::::::
	cpe:2.3:a:menalto:gallery:1.5.7:::::::*
	cpe:2.3:a:menalto:gallery:1.6:::::::*
	cpe:2.3:a:menalto:gallery:1.6:alpha3::::::
	cpe:2.3:a:menalto:gallery:2.1:::::::*
	cpe:2.3:a:menalto:gallery:2.1.1:::::::*
	cpe:2.3:a:menalto:gallery:2.1.2:::::::*
	cpe:2.3:a:menalto:gallery:2.2.0:::::::*
	cpe:2.3:a:menalto:gallery:2.2.1:::::::*
	cpe:2.3:a:menalto:gallery:2.2.2:::::::*
	cpe:2.3:a:menalto:gallery:2.2.3:::::::*
	cpe:2.3:a:menalto:gallery:2.2.4:::::::*

No data.

References

Link	Providers
http://gallery.menalto.com/gallery_3.0.1_released
http://osvdb.org/70628
http://secunia.com/advisories/43028
http://www.securityfocus.com/bid/45964
https://exchange.xforce.ibmcloud.com/vulnerabilities/64870

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-01-25T00:00:00

Updated: 2024-08-07T03:43:14.550Z

Reserved: 2010-11-30T00:00:00

Link: CVE-2010-4353

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-01-25T01:00:01.957

Modified: 2024-11-21T01:20:45.723

Link: CVE-2010-4353

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "43028", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43028"}, {"name": "gallery-extension-file-upload(64870)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64870"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://gallery.menalto.com/gallery_3.0.1_released"}, {"name": "70628", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/70628"}, {"name": "45964", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45964"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4353", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "43028", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43028"}, {"name": "gallery-extension-file-upload(64870)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64870"}, {"name": "http://gallery.menalto.com/gallery_3.0.1_released", "refsource": "CONFIRM", "url": "http://gallery.menalto.com/gallery_3.0.1_released"}, {"name": "70628", "refsource": "OSVDB", "url": "http://osvdb.org/70628"}, {"name": "45964", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45964"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:43:14.550Z"}, "title": "CVE Program Container", "references": [{"name": "43028", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43028"}, {"name": "gallery-extension-file-upload(64870)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64870"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://gallery.menalto.com/gallery_3.0.1_released"}, {"name": "70628", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/70628"}, {"name": "45964", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45964"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4353", "datePublished": "2011-01-25T00:00:00", "dateReserved": "2010-11-30T00:00:00", "dateUpdated": "2024-08-07T03:43:14.550Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:menalto:gallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0E7A0A3-0A92-441A-89DE-102FC0A07549", "versionEndIncluding": "2.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "5CA96DC5-B3F3-42DD-801E-8B66D8065578", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "AE18E8EE-3B84-4A22-9D3C-EEE8AE793D85", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:1.6:alpha3:*:*:*:*:*:*", "matchCriteriaId": "11DBDE20-1391-4E46-B659-31FAE4300987", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "58BB4D3A-34F4-458B-9FB6-28D3B1156A53", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CD9940F-71D9-4AA5-B4C8-C464E371B982", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "91B47B68-3C6B-4B49-87E4-35489CCAC050", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5373C47-DC8D-4DD9-B15E-707B79478928", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B86E3F23-A7E4-4BF1-AF08-84091490A530", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E64F4ECB-55CA-4B50-A23E-1C91217AD77F", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D9E6E813-512A-43DD-AD45-0888F625BD6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:menalto:gallery:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "78D73880-557C-40F6-8229-BE560321835E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."}, {"lang": "es", "value": "Vulnerabilidad de subida de archivos sin restricciones en modules/gallery/models/item.php en Menalto Gallery anterior a v3.0 y beta permite a usuarios autenticados de forma remota con permisos de subida ejecutar c\u00f3digo de su elecci\u00f3n subiendo un archivo con una extensi\u00f3n ejecutable, y despu\u00e9s accediendo a \u00e9l a trav\u00e9s de una petici\u00f3n directa al archivo en un directorio no especificado."}], "id": "CVE-2010-4353", "lastModified": "2024-11-21T01:20:45.723", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-25T01:00:01.957", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://gallery.menalto.com/gallery_3.0.1_released"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/70628"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43028"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/45964"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://gallery.menalto.com/gallery_3.0.1_released"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/45964"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64870"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "This vulnerability is limited to versions of Gallery 3 including Gallery 3 betas and Gallery 3.0. No versions of Gallery 1 or Gallery 2 are affected.", "lastModified": "2011-03-07T00:00:00", "organization": "menalto"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}