FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gallery 1.4.3 and ealier user authentication bypass

Affected packages
gallery < 1.4.3.2

Details

VuXML ID 253ea131-bd12-11d8-b071-00e08110b673
Discovery 2004-06-01
Entry 2004-06-24

A flaw exists in Gallery versions previous to 1.4.3-pl1 and post 1.2 which may give an attacker the potential to log in under the "admin" account. Data outside of the gallery is unaffected and the attacker cannot modify any data other than the photos or photo albums.

References

CVE Name CVE-2004-0522
URL http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=123
URL http://secunia.com/advisories/11752