Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-09-18T20:00:00
Updated: 2017-08-07T12:57:01
Reserved: 2008-09-18T00:00:00
Link: CVE-2008-4129
NVD Information
Status: Modified
Published: 2008-09-18T20:00:00.577
Modified: 2017-08-08T01:32:26.513
Link: CVE-2008-4129