CVE-2008-4167

Loading...

General

Score:6.4/10.0
Severity:Medium
Category:Access Control Error
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 22/09/08 - Updated on 29/09/17

Description

useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.

Category: Access Control Error

CWE-287 (Authentication Issues)
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Security Notices

US National Vulnerability DatabaseCVE-2008-4167

Exploits

Exploit-DBEDB-6437
SecurityFocusBID-31161

Relative technologies

VendorProduct
ezphotogalleryezphotogallery

Share this vulnerability with:

Twitter Facebook LinkedIn Mail