JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass Vulnerability

Bugtraq ID:	17755
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 01 2006 12:00AM
Updated:	May 01 2006 07:50PM
Credit:	tugr@ and AlpEren are credited with the discovery of this vulnerability.
Vulnerable:	JMK Web Scripts JMK Picture Gallery 0
Not Vulnerable:

JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass Vulnerability

JMK Picture Gallery is prone to an authentication-bypass vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials.

An attacker can exploit this issue to bypass authentication and gain admin access to the affected application. This could aid in further attacks on the affected computer.

JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass Vulnerability

This issue can be exploited through the use of a web client.

JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass Vulnerability

References:

• JMK Web Scripts Contact Information (JMK Web Scripts)
  
• JMK's Picture Gallery admin login ([email protected])