PT-2011-1515 · Menantlo · Menantlo Gallery
Kriss Andsten · Published 2011-01-25 · Updated 2017-08-17 · CVE-2010-4353

| CVSS v2.0 | 6.0 (Medium) |
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Menantlo Gallery versions prior to 3.0
Description
The issue allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Recommendations
For versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, restrict upload permissions to trusted users and disable the execution of files in the affected directory until a patch is available. Restrict access to the modules/gallery/models/item.php module to minimize the risk of exploitation. Avoid using the file upload feature in the affected module until the issue is resolved.
Related Identifiers
Affected Products
Menantlo Gallery