PlanetGallery - 'Gallery_admin.php' Authentication Bypass

EDB-ID:

27784


Author:

tugr@

Type:

webapps


Platform:

PHP

Date:

2006-04-29


source: https://www.securityfocus.com/bid/17753/info

PlanetGallery is prone to an authentication-bypass vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials. 

An attacker can exploit this issue to bypass authentication and gain admin access. This could aid in further attacks on the affected computer.

http://www.example.com/planetgallery/admin/gallery_admin.php