Gallery Unspecified Security Bypass Vulnerability Network Vulnerability

Summary

The host is running Gallery and is prone to Security Bypass Vulnerability.

Impact

Successful exploitation allows attackers to bypass authentication and gain administrative access to the application, if register_globals is enabled. Impact Level: Application

Solution

Update to version 1.5.10 or 1.6-RC3. http://codex.gallery2.org/Downloads

Insight

The flaw is due to improper validation of authentication cookies.

Affected

Gallery Version 1.5.x before 1.5.10 and 1.6 before 1.6-RC3 on all platform.

References

http://gallery.menalto.com/last_official_G1_releases
http://secunia.com/advisories/32817
http://xforce.iss.net/xforce/xfdb/46804

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5296

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 'XWork' Information Disclosure Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness
Apache Struts Directory Traversal Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
aeNovo Database Content Disclosure Vulnerability

Take action and discover your vulnerabilities