VYPR
Unrated severityNVD Advisory· Published Sep 18, 2008· Updated Jun 16, 2026

CVE-2008-4129

CVE-2008-4129

Description

Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*range: <=2.2.5
    • cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:*
    • (no CPE)range: <1.5.9, <2.2.6

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.