Gallery init.php Authentication Bypass
High Nessus Plugin ID 12278
Synopsis: The remote host is running a PHP application that is affected by an authentication bypass vulnerability.
Description: The version of Gallery hosted on the remote web server is affected by an authentication bypass issue. A flaw exists that may allow an attacker to bypass the authentication mechanism of this software by making requests including the options 'GALLERY_EMBEDDED_INSIDE' and 'GALLERY_EMBEDDED_INSIDE_TYPE'. An attacker who can bypass authentication will obtain Gallery administrator privileges.
Solution: Upgrade to Gallery 1.4.3-pl2 or later.