PT-2002-2448 · Photodb · Photodb

Published

2002-12-31

Updated

2017-07-11

CVE-2002-1726

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PhotoDB version 1.4

Description The issue allows remote attackers to bypass authentication. This can be achieved by manipulating the URL with a large Time parameter, non-empty rmtusername and rmtpassword parameters, and an accesslevel parameter that is lower than the access level of the requested page.

Recommendations For PhotoDB version 1.4, consider restricting access to the secure inc.php file until a patch is available, and ensure that the accesslevel parameter is properly validated to prevent unauthorized access.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1726

Affected Products

Photodb

PT-2002-2448 · Photodb · Photodb

CVE-2002-1726

Related Identifiers

Affected Products

References · 5