CVE-2008-1327

Gallarific - Unauthenticated Task Manipulation via users.php and index.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1327. PoCs published by ZoRLu.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in Gallarific, including XSS and authentication bypass issues. It outlines specific URLs that can be exploited to add categories, edit users, and add new users without proper authentication.

Description

Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ZoRLu · text · webapps · php
https://www.exploit-db.com/exploits/31370


Classification: Writeup 90%
Attack Type: XSS | Auth Bypass
Complexity: Trivial
Reliability: Theoretical
Target: Gallarific (commercial and free versions)
No auth needed
Prerequisites: Access to the target URLs
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0307
EPSS Percentile 85.9%

Details

CWE CWE-287
Status published
Products (1)
gallarific/gallarific
Published Mar 13, 2008
Tracked Since Feb 18, 2026