
TrueGalerie admin.php loggedin Parameter Admin Authentication Bypass

Medium

Synopsis

It is possible to gain administrative privileges on the remote TrueGalerie installation by requesting the URL '/admin.php?loggedin=1'.

Description

It is possible to gain administrative privileges on the remote TrueGalerie installation by requesting the URL '/admin.php?loggedin=1'. An attacker may use this flaw to edit the content of the remote web server.

Solution

Disable the option 'register_globals' in php.ini.
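
To check whether the request described above has already been made against a server, the following added example (not part of the original advisory or of any vendor tooling) scans web server access logs for requests to admin.php that carry a 'loggedin' query parameter. It assumes Apache combined log format; the sample lines, the function name find_loggedin_requests and the addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /admin.php?loggedin=1 HTTP/1.1" 200 4096 "-" "curl/8.0"
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /gallery/Admin.php?x=1&logged%69n=1 HTTP/1.1" 200 4096 "-" "-"
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?page=admin.php&loggedin=1 HTTP/1.1" 200 900 "-" "-"
192.0.2.14 - - [01/Jan/2024:10:00:15 +0000] "POST /admin.php?loggedin HTTP/1.1" 302 0 "-" "-"
"""

# client, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def find_loggedin_requests(log_text):
    """Return one dict per request to admin.php that sets 'loggedin' in the URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, when, method, target, status = m.groups()
        url = urlsplit(target)
        # Compare only the script name; decode %xx and ignore case so that
        # /gallery/Admin.php or /%61dmin.php are not missed.
        script = unquote(url.path).rsplit("/", 1)[-1].lower()
        if script != "admin.php":
            continue
        # parse_qs percent-decodes parameter names, so 'logged%69n' is seen
        # as 'loggedin'; keep_blank_values catches a bare '?loggedin'.
        params = parse_qs(url.query, keep_blank_values=True)
        if "loggedin" in params:
            hits.append({"client": client, "time": when, "method": method,
                         "target": target, "status": int(status),
                         "value": params["loggedin"][0]})
    return hits


if __name__ == "__main__":
    for hit in find_loggedin_requests(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["method"], hit["target"], hit["status"])
```

With register_globals enabled, PHP also creates variables from POST fields and cookies, which access logs normally do not record, so an empty result from this scan does not rule out use of the flaw.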