CVE-2006-1128
published 2006-03-09

Priority: P4 30
Severity: medium, 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 3.92% (89.0th percentile)

Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.

Affected

11 ranges
Vendor | Product | Version range | Fixed in
gallery_project | gallery | |
gallery_project | gallery | |
gallery_project | gallery | |
gallery_project | gallery | |
gallery_project | gallery | |
gallery_project | gallery | |
gallery_project | gallery | |
gallery_project | gallery | |
gallery_project | gallery | |
gallery_project | gallery | |
gallery_project | gallery | |