Easy Photo Gallery useradmin.php security bypass
| easyphotogallery-useradmin-security-bypass (45119) |  Medium Risk |
Description:
Easy Photo Gallery could allow a remote attacker to bypass security restrictions, caused by improper validation by the useradmin.php script. A remote attacker could exploit this vulnerability and bypass security restrictions to add or delete arbitrary users from the system.
Platforms Affected:
- Easy Photo Gallery, Easy Photo Gallery 2.1
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Bypass Security
References:
- Easy Photo Gallery Web page, Easy Photo Gallery at http://ezphotogallery.sourceforge.net/.
- BID-31161: Easy Photo Gallery 'useradmin.php' Access Validation Vulnerability
- CVE-2008-4167: useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.
Reported:
Sep 11, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net