Unrated severityNVD Advisory· Published Sep 18, 2008· Updated Apr 23, 2026

CVE-2008-4129

Description

Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

Affected products

Gallery/Gallery6 versions
cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*range: <=2.2.5
- cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gallery.menalto.com/gallery_1.5.9_releasednvdPatch
gallery.menalto.com/gallery_2.2.6_releasednvdPatch
www.securityfocus.com/bid/31231nvdPatch
secunia.com/advisories/31912nvd
secunia.com/advisories/32662nvd
secunia.com/advisories/33144nvd
security.gentoo.org/glsa/glsa-200811-02.xmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/45228nvd
www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.htmlnvd
www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000