2008-06-16 23:00:00
mitre
PUBLISHED
Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.