CVE-2008-4484
Crux Gallery 1.32 - Insecure Cookie Handling
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
main.php en Crux Gallery 1.32 y versiones anteriores, supone que el usuario es un administrador, si el nombre del parámetro no es "users", el cual permite a los atacantes remotos obtener acceso como administrador, estableciendo el nombre del parámetro a "users", como se demuestra a través de index.php.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-10-07 CVE Reserved
- 2008-10-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-09-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/4365 | Third Party Advisory | |
| http://www.attrition.org/pipermail/vim/2008-October/002083.html | Mailing List | |
| http://www.securityfocus.com/archive/1/496763/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/31430 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45443 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/6586 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/32058 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Crux Software Search vendor "Crux Software" | Gallery Search vendor "Crux Software" for product "Gallery" | <= 1.32 Search vendor "Crux Software" for product "Gallery" and version " <= 1.32" | php5 |
Affected
| ||||||
| Crux Software Search vendor "Crux Software" | Gallery Search vendor "Crux Software" for product "Gallery" | 1.0 Search vendor "Crux Software" for product "Gallery" and version "1.0" | - |
Affected
| ||||||
| Crux Software Search vendor "Crux Software" | Gallery Search vendor "Crux Software" for product "Gallery" | 1.1 Search vendor "Crux Software" for product "Gallery" and version "1.1" | - |
Affected
| ||||||
| Crux Software Search vendor "Crux Software" | Gallery Search vendor "Crux Software" for product "Gallery" | 1.2 Search vendor "Crux Software" for product "Gallery" and version "1.2" | - |
Affected
| ||||||
| Crux Software Search vendor "Crux Software" | Gallery Search vendor "Crux Software" for product "Gallery" | 1.30 Search vendor "Crux Software" for product "Gallery" and version "1.30" | - |
Affected
| ||||||
| Crux Software Search vendor "Crux Software" | Gallery Search vendor "Crux Software" for product "Gallery" | 1.31 Search vendor "Crux Software" for product "Gallery" and version "1.31" | - |
Affected
| ||||||
| Crux Software Search vendor "Crux Software" | Gallery Search vendor "Crux Software" for product "Gallery" | 1.32 Search vendor "Crux Software" for product "Gallery" and version "1.32" | - |
Affected
| ||||||