CVE-2008-3600

Publication date 12 August 2008

Last updated 24 July 2024

Ubuntu priority

Description

Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gallery	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.06 LTS dapper	Not affected
gallery2	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3600

CVE-2008-3600

Description

Status

References

Other references

Access our resources on patching vulnerabilities