Required CVE Record Information
Description
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users", as demonstrated via index.php.
References 7 Total
- securityfocus.com: 20080926 Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability mailing-list
- exchange.xforce.ibmcloud.com: cruxgallery-index-security-bypass(45443) vdb-entry
- securityreason.com: 4365 third-party-advisory
- exploit-db.com: 6586 exploit
- securityfocus.com: 31430 vdb-entry
- attrition.org: 20081007 root cause for Crux Gallery cookie-handling issue? mailing-list
- secunia.com: 32058 third-party-advisory
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- securityfocus.com: 20080926 Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability mailing-list x_transferred
- exchange.xforce.ibmcloud.com: cruxgallery-index-security-bypass(45443) vdb-entry x_transferred
- securityreason.com: 4365 third-party-advisory x_transferred
- exploit-db.com: 6586 exploit x_transferred
- securityfocus.com: 31430 vdb-entry x_transferred
- attrition.org: 20081007 root cause for Crux Gallery cookie-handling issue? mailing-list x_transferred
- secunia.com: 32058 third-party-advisory x_transferred