Code injection

2008-10-0802:00:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.092 Low

EPSS

Percentile

94.7%

JSON

main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to “users,” as demonstrated via index.php.

CPENameOperatorVersion
galleryeq1.32
galleryle1.32
galleryeq1.2
galleryeq1.0
galleryeq1.31
galleryeq1.1
galleryeq1.30

Name	Operator	Version
gallery	eq	1.32
gallery	le	1.32
gallery	eq	1.2
gallery	eq	1.0
gallery	eq	1.31
gallery	eq	1.1
gallery	eq	1.30

References

secunia.com/advisories/32058

securityreason.com/securityalert/4365

www.attrition.org/pipermail/vim/2008-October/002083.html

www.securityfocus.com/archive/1/496763/100/0/threaded

www.securityfocus.com/bid/31430

exchange.xforce.ibmcloud.com/vulnerabilities/45443

www.exploit-db.com/exploits/6586