CVE 2008-2724
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.
Related bugs and status
CVE-2008-2724 (Candidate) is related to these bugs:
Bug #202422: CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates
Bug #242671: CVE-2008-272[0-4]: Lots of varied vulnerabilities
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 242671 | CVE-2008-272[0-4]: Lots of varied vulnerabilities | gallery2 (Ubuntu) | Undecided | Fix Released | ||
| 242671 | CVE-2008-272[0-4]: Lots of varied vulnerabilities | gallery2 (Ubuntu Hardy) | High | Fix Released | ||
| 242671 | CVE-2008-272[0-4]: Lots of varied vulnerabilities | gallery2 (Ubuntu Intrepid) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
