Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gallery | Gallery | * | 1.5.9 (including) |
| Gallery | Gallery | * | 1.6 (including) |
| Gallery | Gallery | 1.2.1 (including) | 1.2.1 (including) |
| Gallery | Gallery | 1.3.1 (including) | 1.3.1 (including) |
| Gallery | Gallery | 1.3.2 (including) | 1.3.2 (including) |
| Gallery | Gallery | 1.3.3 (including) | 1.3.3 (including) |
| Gallery | Gallery | 1.3.4-pl1 (including) | 1.3.4-pl1 (including) |
| Gallery | Gallery | 1.4 (including) | 1.4 (including) |
| Gallery | Gallery | 1.4.1 (including) | 1.4.1 (including) |
| Gallery | Gallery | 1.4.4 (including) | 1.4.4 (including) |
| Gallery | Gallery | 1.4.4-pl2 (including) | 1.4.4-pl2 (including) |
| Gallery | Gallery | 1.5.1-rc2 (including) | 1.5.1-rc2 (including) |
| Gallery | Gallery | 1.5.2 (including) | 1.5.2 (including) |
| Gallery | Gallery | 1.5.7 (including) | 1.5.7 (including) |