Vulnerability Details: CVE-2010-4353
Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-4353
Probability of exploitation activity in the next 30 days: 0.76%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 %
CVSS scores for CVE-2010-4353
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST |
Vendor statements for CVE-2010-4353
- menalto 2011-03-07: This vulnerability is limited to versions of Gallery 3 including Gallery 3 betas and Gallery 3.0. No versions of Gallery 1 or Gallery 2 are affected.
References for CVE-2010-4353
- http://gallery.menalto.com/gallery_3.0.1_released
  Gallery 3.0.1 security and bugfix release is available! | Gallery (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/45964
  Gallery Arbitrary File Upload Vulnerability (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64870
  Gallery extension file upload CVE-2010-4353 Vulnerability Report
- cpe:2.3:a:menalto:gallery:*:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:1.6:alpha3:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:1.6:*:*:*:*:*:*:*