RSS   Podatności dla 'Gallery'   RSS

2008-10-07
 
CVE-2008-4484

CWE-264
 

 
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.

 
 
CVE-2008-4483

CWE-22
 

 
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.

 

 >>> Vendor: Crux software 2 Produkty
Gallery
Cruxcms


Copyright 2024, cxsecurity.com

 

Back to Top