PT-2002-2784 · Phpwebgallery · Phpwebgallery

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2064

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PhpWebGallery version 1.0

Description

The issue allows remote attackers to gain administrative access by setting the photo login cookie to a pseudo value. This is related to the isadmin.php file in PhpWebGallery.

Recommendations

For PhpWebGallery version 1.0, consider restricting access to the isadmin.php file until a patch is available. As a temporary workaround, avoid using the photo login cookie or restrict its modification to prevent unauthorized administrative access.


Related Identifiers

CVE-2002-2064

Affected Products

Phpwebgallery