CVE-2013-2241 | Vulnerability Database | Aqua Security

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the full string in the size parameter.

Affected Software

Name	Vendor	Start Version	End Version
Gallery	Menalto	*	3.0.8 (including)
Gallery	Menalto	3.0 (including)	3.0 (including)
Gallery	Menalto	3.0-beta1 (including)	3.0-beta1 (including)
Gallery	Menalto	3.0-beta2 (including)	3.0-beta2 (including)
Gallery	Menalto	3.0-beta3 (including)	3.0-beta3 (including)
Gallery	Menalto	3.0-rc1 (including)	3.0-rc1 (including)
Gallery	Menalto	3.0-rc2 (including)	3.0-rc2 (including)
Gallery	Menalto	3.0.1 (including)	3.0.1 (including)
Gallery	Menalto	3.0.2 (including)	3.0.2 (including)
Gallery	Menalto	3.0.3 (including)	3.0.3 (including)
Gallery	Menalto	3.0.4 (including)	3.0.4 (including)
Gallery	Menalto	3.0.5 (including)	3.0.5 (including)
Gallery	Menalto	3.0.6 (including)	3.0.6 (including)
Gallery	Menalto	3.0.7 (including)	3.0.7 (including)

References

http://galleryproject.org/gallery_3_0_9
http://sourceforge.net/apps/trac/gallery/ticket/2074
http://www.openwall.com/lists/oss-security/2013/07/04/11
http://www.openwall.com/lists/oss-security/2013/07/05/3
https://bugzilla.redhat.com/show_bug.cgi?id=981198
https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed
http://galleryproject.org/gallery_3_0_9
http://sourceforge.net/apps/trac/gallery/ticket/2074
http://www.openwall.com/lists/oss-security/2013/07/04/11
http://www.openwall.com/lists/oss-security/2013/07/05/3
https://bugzilla.redhat.com/show_bug.cgi?id=981198
https://github.com/gallery/gallery3/commit/cbbcf1b4791762d7da0ea7b6c4f4b551a4d9caed

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-2241
CWE	https://cwe.mitre.org/data/definitions/264.html