CVE-2008-5296

Опубликовано: 01 дек. 2008

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.

Ссылки

http://gallery.menalto.com/last_official_G1_releases
Patch
Vendor Advisory
http://osvdb.org/50089
http://secunia.com/advisories/32817
Vendor Advisory
http://www.securityfocus.com/bid/32440
https://exchange.xforce.ibmcloud.com/vulnerabilities/46804
http://gallery.menalto.com/last_official_G1_releases
Patch
Vendor Advisory
http://osvdb.org/50089
http://secunia.com/advisories/32817
Vendor Advisory
http://www.securityfocus.com/bid/32440
https://exchange.xforce.ibmcloud.com/vulnerabilities/46804

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*

Версия до 1.5.9 (включая)

cpe:2.3:a:gallery:gallery:*:rc2:*:*:*:*:*:*

Версия до 1.6 (включая)

cpe:2.3:a:gallery:gallery:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.3.4:pl1:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.4:*:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.4.4:pl2:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.5.1:rc2:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:gallery:gallery:1.5.7:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00306

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2008-5296

ubuntu

около 17 лет назад

CVE-2008-5296

debian

около 17 лет назад

Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_glob ...

GHSA-qm2x-29wf-35mq

github

больше 3 лет назад

EPSS

Процентиль: 53%

0.00306

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-287