111582 : Truegalerie Admin.php Loggedin Parameter Admin Authentication Bypass

Risk 4 : Web Services

The remote host is running TrueGalerie, an album management system written in PHP.

There is a flaw in the installed version of TrueGalerie that may allow an attacker to log in as the administrator without knowing the password, simply by requesting the URL:

/admin.php?loggedin=1

Provided PHP's 'register_globals' setting is enabled, an attacker may use this flaw to gain administrative privileges on this web server and modify its content.

Solution:
Disable the option 'register_globals' in php.ini or replace this set of CGI scripts with something else.
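The following is an added illustration of the vulnerability class this plugin describes, written for this page; it is not TrueGalerie's code (admin.php itself is not reproduced here), and the function names, the session key and the `extract()` emulation of 'register_globals' are assumptions. It shows why a request parameter can satisfy a "logged in" check when 'register_globals' is on, and the session-based check that does not have this problem.

```php
<?php
// Hypothetical reconstruction of the pattern behind the advisory.
// NOT TrueGalerie's code; names and keys are assumed for illustration.

// --- Vulnerable pattern -----------------------------------------------
// With register_globals=On, PHP pre-populated a global variable for every
// request parameter, so /admin.php?loggedin=1 defined $loggedin = "1"
// before the script ran. A check like this then passes with no password.
function admin_is_authenticated_vulnerable(): bool
{
    global $loggedin;          // meant to be set by the login code only
    return !empty($loggedin);  // but the query string can set it too
}

// --- Hardened pattern -------------------------------------------------
// Keep the authentication state server-side, in the session, under a key
// that no request parameter can populate. Works with register_globals=Off.
function admin_is_authenticated_hardened(): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    return isset($_SESSION['admin_loggedin'])
        && $_SESSION['admin_loggedin'] === true;
}

// Called only after the password has actually been verified (assumed helper).
function mark_admin_logged_in(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);          // avoid session fixation on login
    $_SESSION['admin_loggedin'] = true;
}

// --- Demonstration ----------------------------------------------------
// Constructed request: /admin.php?loggedin=1 with no credentials.
$_GET = ['loggedin' => '1'];

// Modern PHP no longer has register_globals; extract() emulates what it did
// implicitly (copy every request parameter into a global variable).
extract($_GET);

// The vulnerable check is satisfied by the parameter alone; the hardened
// check still fails because nothing verified a password and set the session.
var_dump(admin_is_authenticated_vulnerable());
var_dump(admin_is_authenticated_hardened());
```

Disabling 'register_globals' removes the implicit `extract()`; the session-based check removes the dependence on it entirely, which is the safer fix when the application code can be changed.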
CVSS Information:
Partial Confidentiality Impact, Partial Integrity Impact, Partial Availability Impact
Credit:
Tenable : 2009-12-04