Gallarific index.php and users.php authentication bypass
| gallarific-index-users-auth-bypass (41106) |  Medium Risk |
Description:
Gallarific could allow a remote attacker to bypass authentication, caused by improper validation by the index.php and users.php scripts. An attacker could exploit this vulnerability to bypass security restrictions and perform multiple unauthorized actions on the vulnerable system.
Platforms Affected:
- Gallarific, Gallarific
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Bypass Security
References:
- Gallarific Web site, Web Photo Gallery Software, PHP Photo Gallery Script, Web Site Photo Gallery Script at http://www.gallarific.com/download.php.
- BID-28163: Gallarific Cross Site Scripting and Authentication Bypass Vulnerabilities
- CVE-2008-1327: Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- SA29399: Gallarific Multiple Vulnerabilities
Reported:
Mar 10, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net