source: https://www.securityfocus.com/bid/28163/info

Gallarific is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, add new categories, add new users, and modify existing users. Other attacks are also possible.

These issues affect both the commercial and the free versions of Gallarific.

http://www.example.com/gallery/gadmin/index.php?task=add (category add)
http://www.example.com/gallery/gadmin/users.php?task=edit&id=2 (user edit)
http://www.example.com/gallery/gadmin/users.php?task=add (user add)
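
For sites running Gallarific, one way to check web server logs for served requests to the three admin URLs listed above. This is an added example, not part of the original advisory or of Gallarific; it assumes common/combined access-log format and a hypothetical `admin_ips` allowlist of known administrator addresses, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Admin actions named in the advisory: (script under gadmin/, task value) -> label
ADMIN_TASKS = {
    ("index.php", "add"): "category add",
    ("users.php", "add"): "user add",
    ("users.php", "edit"): "user edit",
}

# Assumed common/combined log prefix: ip - user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(target):
    """Return the advisory's label for a request target, or None if it is not listed."""
    parts = urlsplit(target)
    segs = [s for s in unquote(parts.path).lower().split("/") if s]
    if len(segs) < 2 or segs[-2] != "gadmin":
        return None
    for task in parse_qs(parts.query).get("task", []):  # parse_qs percent-decodes values
        label = ADMIN_TASKS.get((segs[-1], task.lower()))
        if label:
            return label
    return None

def find_unexpected_admin_requests(lines, admin_ips=frozenset()):
    """Return (ip, time, method, label) for served admin requests from non-admin addresses."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        # Skip unparsable lines, known admins, and anything not served (not 2xx/3xx)
        if not m or m["ip"] in admin_ips or m["status"][0] not in "23":
            continue
        label = classify(m["target"])
        if label:
            hits.append((m["ip"], m["time"], m["method"], label))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:09:14:02 +0000] "GET /gallery/gadmin/users.php?task=add HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:09:14:40 +0000] "POST /gallery/gadmin/users.php?id=2&task=EDIT HTTP/1.1" 302 0',
    '192.0.2.10 - admin [01/Jan/2024:09:20:00 +0000] "GET /gallery/gadmin/index.php?task=add HTTP/1.1" 200 4096',
    '203.0.113.5 - - [01/Jan/2024:09:31:10 +0000] "GET /gallery/gadmin/index.php?task=%61dd HTTP/1.1" 403 199',
    '203.0.113.5 - - [01/Jan/2024:09:31:15 +0000] "GET /gallery/index.php?task=add HTTP/1.1" 200 100',
]
```

A hit means only that the server answered the request from an address outside the allowlist; compare each one with the category and user records changed around the same time.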