modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the full string in the size parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gallery | Menalto | 3.0.1 | 3.0.1 |
Gallery | Menalto | 3.0 | 3.0 |
Gallery | Menalto | 3.0 | 3.0 |
Gallery | Menalto | 3.0.4 | 3.0.4 |
Gallery | Menalto | 3.0 | 3.0 |
Gallery | Menalto | 3.0.5 | 3.0.5 |
Gallery | Menalto | 3.0 | 3.0 |
Gallery | Menalto | 3.0.7 | 3.0.7 |
Gallery | Menalto | 3.0.3 | 3.0.3 |
Gallery | Menalto | * | 3.0.8 |
Gallery | Menalto | 3.0 | 3.0 |
Gallery | Menalto | 3.0 | 3.0 |
Gallery | Menalto | 3.0.2 | 3.0.2 |
Gallery | Menalto | 3.0.6 | 3.0.6 |