CVE-2008-3600

Name of the Vulnerable Software and Affected Versions Gallery versions 1.5.7 and 1.6-alpha3

Description The issue allows remote attackers to include and execute arbitrary local files due to a directory traversal vulnerability. This occurs when register globals is enabled, and a .. (dot dot) is used in the phpEx parameter within a "modload" action.

Recommendations For Gallery version 1.5.7, consider disabling the modload action until a patch is available. For Gallery version 1.6-alpha3, restrict access to the modules.php file to minimize the risk of exploitation. Avoid using the phpEx parameter in the affected module until the issue is resolved.