Vulnerability Report

CVE-2008-3600

Title: Menalto Gallery Path Traversal / LFI

Path Traversal / LFI

Proof Of Concept

No public PoC currently indexed for CVE-2008-3600.

CWE Category CWE-22
Published Date Aug 12, 2008
Modified Date Apr 09, 2025
Exploit Status Not Found
Score 6.8 CVSS v2.0
Exploit Probability (EPSS)
0.33%

Vulnerability Summary

CVE-2008-3600: Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.

Impacted Vendors

A
animegenesis 1
M
menalto 1

Reference Links

http://gallery.menalto.com/gallery_1.5.8_released http://secunia.com/advisories/32662 http://security.gentoo.org/glsa/glsa-200811-02.xml http://securityreason.com/securityalert/4142 http://www.securityfocus.com/archive/1/495284/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44373 https://www.exploit-db.com/exploits/6222 http://gallery.menalto.com/gallery_1.5.8_released http://secunia.com/advisories/32662 http://security.gentoo.org/glsa/glsa-200811-02.xml http://securityreason.com/securityalert/4142 http://www.securityfocus.com/archive/1/495284/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44373 https://www.exploit-db.com/exploits/6222
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
6.8
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-3600 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.