Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.

A flaw exists in Gallery versions previous to 1.4.3-pl1 and post 1.2 which may give an attacker the potential to log in under the 'admin' account. Data outside of the gallery is unaffected and the attacker cannot modify any data other than the photos or photo albums.

A vulnerability was discovered in gallery, a web-based photo album written in php, whereby a remote attacker could gain access to the gallery 'admin' user without proper authentication. No CVE candidate was available for this vulnerability at the time of release.

The remote host is affected by the vulnerability described in GLSA-200406-10 (Gallery: Privilege escalation vulnerability)

    There is a vulnerability in the Gallery photo album software which may     allow an attacker to gain administrator privileges within Gallery. A     Gallery administrator has full access to all albums and photos on the     server, thus attackers may add or delete photos at will.
  Impact :

    Attackers may gain full access to all Gallery albums. There is no risk     to the webserver itself, or the server on which it runs.
  Workaround :

    There is no known workaround at this time. All users are encouraged to     upgrade to the latest available version.

The version of Gallery hosted on the remote web server is affected by an authentication bypass issue.  A flaw exists that may allow an attacker to bypass the authentication mechanism of this software by making requests including the options 'GALLERY_EMBEDDED_INSIDE' and 'GALLERY_EMBEDDED_INSIDE_TYPE'.  An attacker who can bypass authentication will obtain Gallery administrator privileges.

ID	Name	Product	Family	Severity
38140	FreeBSD : Gallery 1.4.3 and ealier user authentication bypass (253ea131-bd12-11d8-b071-00e08110b673)	Nessus	FreeBSD Local Security Checks	critical
15349	Debian DSA-512-1 : gallery - unauthenticated access	Nessus	Debian Local Security Checks	critical
14521	GLSA-200406-10 : Gallery: Privilege escalation vulnerability	Nessus	Gentoo Local Security Checks	critical
12278	Gallery init.php Authentication Bypass	Nessus	CGI abuses	high

Detections

Analytics

CVE-2004-0522

critical

Tenable Plugins

critical

critical

critical

high