PT-2012-5661 · Img Pals · Img Pals Photo Host

Corrado Liotta · Published 2012-09-15 · Updated 2012-09-18 · CVE-2012-4926

CVSS v2.0: 6.4 (Medium), Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Img Pals Photo Host version 1.0
Description: The issue is a lack of authentication for requests to the approve.php file, which allows remote attackers to modify the activation status of administrator accounts. This is achieved by manipulating the u parameter in specific actions, such as app0 to disable or app1 to enable an administrator account.
Recommendations: For Img Pals Photo Host version 1.0, consider temporarily restricting access to the approve.php file until a proper authentication mechanism is implemented, to prevent unauthorized changes to administrator accounts. As a mitigation measure, avoid using the u parameter in the affected actions until the issue is resolved.
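As an added example (not Img Pals code), this is how approve.php could gate the app0/app1 activation actions behind an authenticated admin session and a CSRF token, with the u parameter validated against an allow-list; the session keys, the action parameter name, the $pdo handle and the users table layout are assumptions.

```php
<?php
// Added example, not Img Pals code. Assumptions: the admin login state lives in
// $_SESSION['admin_id'], a per-session CSRF token in $_SESSION['csrf'], the action is
// passed as POST 'action', and $pdo is a PDO handle created by the app's own bootstrap.
session_start();

function require_admin(): void {
    // Reject unauthenticated callers: this is the check the advisory says is missing.
    if (empty($_SESSION['admin_id'])) {
        http_response_code(403);
        exit('Authentication required');
    }
    // State-changing requests must be POST and carry the session's CSRF token.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !isset($_POST['csrf'], $_SESSION['csrf'])
        || !hash_equals($_SESSION['csrf'], (string) $_POST['csrf'])) {
        http_response_code(400);
        exit('Invalid request');
    }
}

function set_activation(PDO $pdo, int $userId, bool $enabled): void {
    // Hypothetical schema: users(id, approved). Prepared statement, no string building.
    $stmt = $pdo->prepare('UPDATE users SET approved = :a WHERE id = :id');
    $stmt->execute([':a' => $enabled ? 1 : 0, ':id' => $userId]);
}

require_admin();

// Map the advisory's two actions to an explicit allow-list instead of trusting raw input.
$actions = ['app0' => false, 'app1' => true];
$action  = $_POST['action'] ?? '';
$u       = filter_input(INPUT_POST, 'u', FILTER_VALIDATE_INT);
if (!array_key_exists($action, $actions) || $u === false || $u === null) {
    http_response_code(400);
    exit('Bad parameters');
}
set_activation($pdo, $u, $actions[$action]);
echo 'OK';
```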

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2012-4926

Affected Products: Img Pals Photo Host