Description
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
Exploits (1)
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_vulnwatch
http://marc.info/?l=vulnwatch&m=105128431109082&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11886
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/8683
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7427
Scores
EPSS
0.0459
EPSS Percentile
89.3%
Details
CWE
CWE-20
Status
published
Products (1)
truelogik/truegalerie
1.0
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026