PT-2012-5661 · Img Pals · Img Pals Photo Host

Corrado Liotta +1 · Published 2012-09-15 · Updated 2012-09-18 · CVE-2012-4926

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Img Pals Photo Host version 1.0

Description: The issue concerns a lack of authentication for requests to the approve.php file, allowing remote attackers to modify administrator activation status. This can be achieved by manipulating the u parameter in specific actions, such as app0 to disable or app1 to enable administrator accounts.

Recommendations: For Img Pals Photo Host version 1.0, consider temporarily restricting access to the approve.php file until a proper authentication mechanism is implemented, to prevent unauthorized changes to administrator accounts. As a mitigation measure, avoid using the u parameter in the affected actions until the issue is resolved.
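The skeleton below is an added example written for this record, not Img Pals Photo Host's own approve.php. It shows the check the advisory says is missing: the endpoint must verify an authenticated administrator before acting on the u parameter (app0 = disable, app1 = enable). It assumes a PHP session that records the logged-in user's id and role, a users table with an integer active column, a request field named action carrying app0/app1, and a SQLite DSN; all of these are assumptions, since the advisory names only approve.php, u, app0 and app1. The CSRF token check goes beyond the advisory's finding, but a state-changing administrative endpoint needs it alongside authentication.

```php
<?php
// Added example (not Img Pals Photo Host code): approve.php hardened with the
// authentication check the advisory reports as missing.
declare(strict_types=1);
session_start();

// Assumption: login code stores user_id and role in the session.
function require_admin(): void
{
    if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Assumption: a per-session CSRF token is issued with the admin form.
// hash_equals() avoids a timing side channel on the comparison.
function require_csrf_token(): void
{
    $sent = $_POST['csrf_token'] ?? '';
    if (!isset($_SESSION['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('Invalid request token');
    }
}

// Assumption: users(id INTEGER, active INTEGER). Prepared statement, so the
// id never reaches the query as text.
function set_admin_active(PDO $db, int $userId, bool $active): void
{
    $stmt = $db->prepare('UPDATE users SET active = :active WHERE id = :id');
    $stmt->execute([':active' => $active ? 1 : 0, ':id' => $userId]);
}

// Every path that can change activation status runs these checks first.
require_admin();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}
require_csrf_token();

// The u parameter is an integer user id; reject anything else.
$userId = filter_input(INPUT_POST, 'u', FILTER_VALIDATE_INT);
if ($userId === false || $userId === null) {
    http_response_code(400);
    exit('Bad user id');
}

$db = new PDO('sqlite:' . __DIR__ . '/imgpals.db'); // hypothetical DSN
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

switch ($_POST['action'] ?? '') {
    case 'app0':
        set_admin_active($db, $userId, false); // disable
        break;
    case 'app1':
        set_admin_active($db, $userId, true);  // enable
        break;
    default:
        http_response_code(400);
        exit('Unknown action');
}
echo 'OK';
```

Until a check like this ships, the interim measure the record recommends, denying access to approve.php at the web server or network layer, is the practical stopgap; a request log showing unauthenticated hits to approve.php with u and app0/app1 is the signal to look for when assessing whether an installation was affected.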

Weakness Enumeration: Improper Authentication

Related identifiers: CVE-2012-4926

Affected products: Img Pals Photo Host