CVE-2008-5296

Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Gallery	Gallery	*	1.5.9 (including)
Gallery	Gallery	*	1.6 (including)
Gallery	Gallery	1.2.1 (including)	1.2.1 (including)
Gallery	Gallery	1.3.1 (including)	1.3.1 (including)
Gallery	Gallery	1.3.2 (including)	1.3.2 (including)
Gallery	Gallery	1.3.3 (including)	1.3.3 (including)
Gallery	Gallery	1.3.4-pl1 (including)	1.3.4-pl1 (including)
Gallery	Gallery	1.4 (including)	1.4 (including)
Gallery	Gallery	1.4.1 (including)	1.4.1 (including)
Gallery	Gallery	1.4.4 (including)	1.4.4 (including)
Gallery	Gallery	1.4.4-pl2 (including)	1.4.4-pl2 (including)
Gallery	Gallery	1.5.1-rc2 (including)	1.5.1-rc2 (including)
Gallery	Gallery	1.5.2 (including)	1.5.2 (including)
Gallery	Gallery	1.5.7 (including)	1.5.7 (including)
Gallery	Ubuntu	dapper	*
Gallery	Ubuntu	gutsy	*
Gallery	Ubuntu	intrepid	*
Gallery	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5296
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

References

CVE-2008-5296

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References