DATE: 2008-03-24
CVE: CVE-2008-1469
VULNERABILITY TITLE: Improper Authentication vulnerability in Gallarific 1.1
RISK: 6.4 (network, low complexity)
gallarific, CWE-287

Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327.

DATE: 2008-03-24
CVE: CVE-2008-1464
VULNERABILITY TITLE: SQL Injection vulnerability in Gallarific 1.1
RISK: 7.5 (network, low complexity)
gallarific, CWE-89

Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action.