PT-2008-3036 · Gallarific · Gallarific Free Edition

Published: 2008-03-24 · Updated: 2011-07-25 · CVE-2008-1469

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Gallarific Free Edition version 1.1

Description

The issue allows remote attackers to edit objects without authentication via direct requests to certain API endpoints, specifically "photos.php", "comments.php", and "gallery.php" in the "gadmin/" directory.

Recommendations

For Gallarific Free Edition version 1.1, consider restricting access to the "gadmin/" directory and its contents, specifically the "photos.php", "comments.php", and "gallery.php" endpoints, until a proper authentication mechanism is implemented. As a temporary workaround, restrict direct requests to these endpoints to minimize the risk of exploitation.
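
One way to check that the restriction recommended above is actually in force, as an added example that is not part of the original advisory: it scans web-server access logs for requests to the three "gadmin/" scripts from clients outside an administrative allowlist and reports whether each was refused. The Combined Log Format, the allowlist network and the sample log lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

# The three scripts named in the advisory, under the gadmin/ directory.
TARGET = re.compile(r"/gadmin/(?:photos|comments|gallery)\.php(?:[/?#]|$)", re.I)
# Combined Log Format: client address, method, request target, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})\b')

# Constructed sample log (documentation addresses, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Mar/2008:10:00:01 +0000] "GET /gadmin/index.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [24/Mar/2008:10:00:05 +0000] "POST /gadmin/photos.php HTTP/1.1" 200 1024',
    '203.0.113.7 - - [24/Mar/2008:10:02:11 +0000] "POST /gadmin/comments.php?x=1 HTTP/1.1" 200 310',
    '203.0.113.7 - - [24/Mar/2008:10:02:15 +0000] "GET /gallery/gadmin/%67allery.php HTTP/1.1" 403 199',
    '198.51.100.23 - - [24/Mar/2008:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 4096',
]

def audit(lines, admin_nets):
    """Return (client, method, path, status, verdict) for every request to a
    named gadmin/ script from a client outside admin_nets. The verdict is
    'BLOCKED' for a 401/403 response and 'SERVED' otherwise, meaning the
    access restriction did not apply to that request."""
    nets = [ip_network(n) for n in admin_nets]
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, method, status = m.group(1), m.group(2), int(m.group(4))
        path = unquote(m.group(3))  # decode %xx so encoded names still match
        if not TARGET.search(path):
            continue
        try:
            inside = any(ip_address(client) in n for n in nets)
        except ValueError:  # logged as a hostname: treat as outside the allowlist
            inside = False
        if inside:
            continue
        verdict = "BLOCKED" if status in (401, 403) else "SERVED"
        findings.append((client, method, path, status, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ["192.0.2.0/24"]):
        print(*finding)
```

Any "SERVED" row after the restriction has been deployed means the server still answers direct requests to that script from outside the allowlist.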

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2008-1469

Affected Products

Gallarific Free Edition