CVE-2008-3600
Published: 12 August 2008
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gallery Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(register_globals is not supported)
|
| feisty |
Not vulnerable
(register_globals is not supported)
|
|
| gutsy |
Not vulnerable
(register_globals is not supported)
|
|
| hardy |
Not vulnerable
(register_globals is not supported)
|
|
| upstream |
Needs triage
|
|
|
gallery2 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| feisty |
Not vulnerable
|
|
| gutsy |
Not vulnerable
|
|
| hardy |
Not vulnerable
|
|
| upstream |
Not vulnerable
|