CVE-2002-1726

Name of the Vulnerable Software and Affected Versions PhotoDB version 1.4

Description The issue allows remote attackers to bypass authentication. This can be achieved by manipulating the URL with a large Time parameter, non-empty rmtusername and rmtpassword parameters, and an accesslevel parameter that is lower than the access level of the requested page.

Recommendations For PhotoDB version 1.4, consider restricting access to the secure inc.php file until a patch is available, and ensure that the accesslevel parameter is properly validated to prevent unauthorized access.