Crux Software: >> Gallery >> 1.32 Security Vulnerabilities
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
CVSS Score
6.8
EPSS Score
0.015
Published
2008-10-08
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
CVSS Score
6.8
EPSS Score
0.059
Published
2008-10-08