2008-10-08 01:00:00
mitre
PUBLISHED
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.