Unrated severityNVD Advisory· Published Oct 8, 2008· Updated Apr 23, 2026

CVE-2008-4484

Description

main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.

Affected products

Crux Software/Gallery7 versions
cpe:2.3:a:crux_software:gallery:1.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:crux_software:gallery:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:crux_software:gallery:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:crux_software:gallery:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:crux_software:gallery:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:crux_software:gallery:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:crux_software:gallery:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:crux_software:gallery:*:php5:*:*:*:*:*:*range: <=1.32

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/32058nvdVendor Advisory
securityreason.com/securityalert/4365nvd
www.attrition.org/pipermail/vim/2008-October/002083.htmlnvd
www.securityfocus.com/archive/1/496763/100/0/threadednvd
www.securityfocus.com/bid/31430nvd
exchange.xforce.ibmcloud.com/vulnerabilities/45443nvd
www.exploit-db.com/exploits/6586nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000