Unrated severityNVD Advisory· Published Mar 9, 2006· Updated Apr 16, 2026
CVE-2006-1128
CVE-2006-1128
Description
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
Affected products
11cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- secunia.com/advisories/19104nvdPatchVendor Advisory
- securitytracker.com/idnvdPatch
- archives.neohapsis.com/archives/bugtraq/2006-02/0621.htmlnvd
- gallery.menalto.com/gallery_2.0.3_releasednvd
- www.gulftech.orgnvd
- www.osvdb.org/23597nvd
- www.securityfocus.com/bid/16948nvd
- www.vupen.com/english/advisories/2006/0813nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/25118nvd
News mentions
0No linked articles in our index yet.