CVE-2008-4484

Crux Gallery <= 1.32 - Unauthenticated Privilege Escalation via Name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4484. PoCs published by Pepelux.

AI-analyzed exploit summary The exploit describes an insecure cookie handling vulnerability in Crux Gallery <= 1.32, allowing unauthorized access to the admin panel by manipulating the URL and cookie parameters. It provides examples of URLs to access admin functions without authentication.

Description

main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Pepelux · textwebappsphp

https://www.exploit-db.com/exploits/6586

View Code ZIP pw:eip

The exploit describes an insecure cookie handling vulnerability in Crux Gallery <= 1.32, allowing unauthorized access to the admin panel by manipulating the URL and cookie parameters. It provides examples of URLs to access admin functions without authentication.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Crux Gallery <= 1.32

No auth needed

Prerequisites: Access to the target application URL

MITRE ATT&CK