useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.
References
Configurations
History
21 Nov 2024, 00:51
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/31774 - | |
References | () http://securityreason.com/securityalert/4282 - | |
References | () http://www.securityfocus.com/bid/31161 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/45119 - | |
References | () https://www.exploit-db.com/exploits/6437 - |
Information
Published : 2008-09-22 18:34
Updated : 2024-11-21 00:51
NVD link : CVE-2008-4167
Mitre link : CVE-2008-4167
CVE.ORG link : CVE-2008-4167
JSON object : View
Products Affected
ezphotogallery
- ezphotogallery
CWE
CWE-287
Improper Authentication