CVE-2008-3600
Published: 12 August 2008
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.
Priority
Status
Package | Release | Status |
---|---|---|
gallery Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(register_globals is not supported)
|
feisty |
Not vulnerable
(register_globals is not supported)
|
|
gutsy |
Not vulnerable
(register_globals is not supported)
|
|
hardy |
Not vulnerable
(register_globals is not supported)
|
|
upstream |
Needs triage
|
|
gallery2 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
feisty |
Not vulnerable
|
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
upstream |
Not vulnerable
|