Ezwebalbum · Ezwebalbum · CVE-2008-3292
Name of the Vulnerable Software and Affected Versions:
EZWebAlbum version 1.0
Description:
The issue allows remote attackers to bypass authentication and gain administrator privileges. This can be achieved by setting the `photoalbumadmin` cookie, as demonstrated via the "addpage.php" endpoint.
Recommendations:
For EZWebAlbum version 1.0, consider disabling the `addpage.php` endpoint until a patch is available to prevent exploitation. Restrict access to administrator privileges to minimize the risk of unauthorized access. Avoid using the `photoalbumadmin` cookie in the affected endpoint until the issue is resolved.
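One way to review web server logs for this issue, as an added example that is not part of the original advisory or of EZWebAlbum: it flags requests to `addpage.php` from addresses outside an administrator allowlist and records whether the `photoalbumadmin` cookie was sent and whether the server served the request. The log format (Apache combined plus `%{Cookie}i`), the `ADMIN_IPS` allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed Apache format: "combined" plus the request Cookie header, i.e.
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Cookie}i\""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" "(?P<cookie>[^"]*)"$'
)
ADMIN_IPS = {"192.0.2.10"}  # hypothetical allowlist of known administrator addresses

def cookie_names(header):
    """Names of the cookies in a Cookie request header ('-' means none was sent)."""
    return {part.split("=", 1)[0].strip() for part in header.split(";") if part.strip()}

def classify(line, admin_ips=ADMIN_IPS):
    """Return a finding for a non-admin request to addpage.php, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["ip"] in admin_ips:
        return None
    # Compare the path only, so a query string does not hide the endpoint.
    if not urlsplit(m["target"]).path.lower().endswith("/addpage.php"):
        return None
    has_cookie = "photoalbumadmin" in cookie_names(m["cookie"])
    served = int(m["status"]) < 400  # 2xx/3xx: the endpoint is still reachable
    if has_cookie:
        verdict = "likely-bypass" if served else "blocked-attempt"
    else:
        verdict = "probe"
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]), "verdict": verdict}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [finding for finding in map(classify, lines) if finding]

# Constructed sample log lines (documentation IP ranges, placeholder cookie values).
SAMPLE = [
    '203.0.113.7 - - [12/Jul/2008:10:01:22 +0000] "GET /album/addpage.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "photoalbumadmin=PLACEHOLDER"',
    '198.51.100.23 - - [12/Jul/2008:10:02:05 +0000] "POST /album/addpage.php HTTP/1.1" 403 199 "-" "curl/7.18" "PHPSESSID=abc; photoalbumadmin=PLACEHOLDER"',
    '192.0.2.10 - - [12/Jul/2008:10:03:40 +0000] "GET /album/addpage.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "photoalbumadmin=PLACEHOLDER"',
    '203.0.113.7 - - [12/Jul/2008:10:04:11 +0000] "GET /album/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "-"',
    '198.51.100.99 - - [12/Jul/2008:10:05:37 +0000] "GET /album/addpage.php?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `likely-bypass` verdict also means the endpoint is still being served, so the recommended mitigation of disabling `addpage.php` is not in effect on that host.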