CVE-2007-6689
Menalto Gallery < 2.2.3 - Arbitrary Code Execution via File Upload
Title source: llmDescription
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.
References (5)
Core 5
Core References
Patch x_refsource_confirm
http://gallery.menalto.com/gallery_2.2.4_released
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200802-04.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41669
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28898
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=203217
Scores
EPSS
0.0201
EPSS Percentile
78.5%
Details
CWE
CWE-20
Status
published
Products (1)
menalto/gallery
< 2.2.3
Published
Jan 17, 2008
Tracked Since
Feb 18, 2026