PT-2026-39151 · Unknown · Novagallery
Kitu232
·
Published
2026-05-08
·
Updated
2026-05-08
·
CVE-2026-42028
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
novaGallery versions prior to 2.1.1
Description
A path traversal issue in this PHP image gallery allows unauthenticated users to read image files located outside the intended gallery root directory. Path traversal is a flaw that lets an attacker manipulate file paths to access files and directories stored outside the web root folder.
Recommendations
Update to version 2.1.1.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Novagallery