PT-2007-4032 · Snaps! · Snaps! Gallery

Dj7Xpl

Published

2007-05-16

Updated

2017-10-11

CVE-2007-2715

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Snaps! Gallery version 1.4.4

Description The issue allows remote attackers to change arbitrary usernames and passwords. This is achieved via the username, or the password and password2 parameters in an edit action.

Recommendations For Snaps! Gallery version 1.4.4, avoid using the username, password, and password2 parameters in the edit action until the issue is resolved. As a temporary workaround, consider restricting access to the Admin/users.php file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2715

Affected Products

Snaps! Gallery

PT-2007-4032 · Snaps! · Snaps! Gallery

CVE-2007-2715

Related Identifiers

Affected Products

References · 6