CVE-2013-2241

Name of the Vulnerable Software and Affected Versions Gallery 3 versions prior to 3.0.9

Description The issue allows remote attackers to bypass intended access restrictions and obtain sensitive information, specifically image files. This is achieved by manipulating the size parameter with the "full" string.

Recommendations For versions prior to 3.0.9, update to version 3.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the data rest.php file in the modules/gallery/helpers directory until a patch is applied. Avoid using the "full" string in the size parameter in the affected API endpoint until the issue is resolved.