CVE-2008-5296

Publication date 1 December 2008

Last updated 24 July 2024


Ubuntu priority

Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
gallery 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid Ignored end of life, was needed
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

Notes


mdeslaur

vulnerable code introduced in 1.5.8-svn-b34