Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Snaps_gallery | Snaps_gallery | 1.4.4 (including) | 1.4.4 (including) |
References
- http://0day.2600.ir/exploits/3900
- http://www.securityfocus.com/bid/23940
- http://www.vupen.com/english/advisories/2007/1781
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34300
- https://www.exploit-db.com/exploits/3900
- http://0day.2600.ir/exploits/3900
- http://www.securityfocus.com/bid/23940
- http://www.vupen.com/english/advisories/2007/1781
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34300
- https://www.exploit-db.com/exploits/3900