Unrated severity · NVD Advisory · Published Sep 18, 2008 · Updated Jun 16, 2026
CVE-2008-4129
Description
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
Affected products
- cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:* (range: <=2.2.5)
- cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:*
- (no CPE) range: <1.5.9, <2.2.6
References
- gallery.menalto.com/gallery_1.5.9_released (nvd, Patch)
- gallery.menalto.com/gallery_2.2.6_released (nvd, Patch)
- www.securityfocus.com/bid/31231 (nvd, Patch)
- secunia.com/advisories/31912 (nvd)
- secunia.com/advisories/32662 (nvd)
- secunia.com/advisories/33144 (nvd)
- security.gentoo.org/glsa/glsa-200811-02.xml (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/45228 (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html (nvd)