This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote host is running a PHP application that is affected by an
authentication bypass vulnerability.
The version of Gallery hosted on the remote web server is affected by
an authentication bypass issue. A flaw exists that may allow an
attacker to bypass the authentication mechanism of this software by
making requests including the options 'GALLERY_EMBEDDED_INSIDE' and
'GALLERY_EMBEDDED_INSIDE_TYPE'. An attacker who can bypass
authentication will obtain Gallery administrator privileges.
See also :
Upgrade to Gallery 1.4.3-pl2 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 12278 (gallery_auth_bypass.nasl)
Bugtraq ID: 10451
CVE ID: CVE-2004-0522
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.