CVE-2008-4484

Name of the Vulnerable Software and Affected Versions: Crux Gallery versions 1.32 and earlier

Description: The issue allows remote attackers to gain administrative access. This can be achieved by setting the name parameter to "users" in the main.php file, as demonstrated via the index.php endpoint.

Recommendations: For Crux Gallery versions 1.32 and earlier, avoid using the name parameter in the main.php file until the issue is resolved. As a temporary workaround, consider restricting access to the main.php file to minimize the risk of exploitation.