CVE-2008-4484

main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
crux_softwaregallery
𝑥
≤ 1.32
crux_softwaregallery
1.0
crux_softwaregallery
1.1
crux_softwaregallery
1.2
crux_softwaregallery
1.30
crux_softwaregallery
1.31
crux_softwaregallery
1.32
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/32058
http://securityreason.com/securityalert/4365
http://www.attrition.org/pipermail/vim/2008-October/002083.html
http://www.securityfocus.com/archive/1/496763/100/0/threaded
http://www.securityfocus.com/bid/31430
https://exchange.xforce.ibmcloud.com/vulnerabilities/45443
https://www.exploit-db.com/exploits/6586
http://secunia.com/advisories/32058
http://securityreason.com/securityalert/4365
http://www.attrition.org/pipermail/vim/2008-October/002083.html
http://www.securityfocus.com/archive/1/496763/100/0/threaded
http://www.securityfocus.com/bid/31430
https://exchange.xforce.ibmcloud.com/vulnerabilities/45443
https://www.exploit-db.com/exploits/6586