Total vulnerabilities in the database
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
| Software | From | Fixed in |
|---|---|---|
| crux_software / gallery | 1.32 | 1.32.x |
| crux_software / gallery | - | 1.32.x |
| crux_software / gallery | 1.2 | 1.2.x |
| crux_software / gallery | 1.0 | 1.0.x |
| crux_software / gallery | 1.31 | 1.31.x |
| crux_software / gallery | 1.1 | 1.1.x |
| crux_software / gallery | 1.30 | 1.30.x |