CVE-2008-2723

Current Description

embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."

Basic Data

Published: June 16, 2008
Last Modified: August 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
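    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Menalto | Gallery | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Menalto | Gallery | 2.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Menalto | Gallery | 2.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Menalto | Gallery | 2.2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Menalto | Gallery | 2.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Menalto | Gallery | 2.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Menalto | Gallery | 2.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Menalto | Gallery | * | * | * | * | * | * | * | * | | 2.2.4 | |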

Vulnerable Software List

Vendor | Product | Versions
Menalto | Gallery | *, 2.1, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 2.2.3

References

Name | Source | URL | Tags
http://gallery.menalto.com/gallery_2.2.5_released | CONFIRM | http://gallery.menalto.com/gallery_2.2.5_released |
30650 | SECUNIA | http://secunia.com/advisories/30650 | Vendor Advisory
30826 | SECUNIA | http://secunia.com/advisories/30826 |
29681 | BID | http://www.securityfocus.com/bid/29681 |
gallery-embed-path-disclosure(43028) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/43028 |
FEDORA-2008-5479 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html |
FEDORA-2008-5576 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html |