ImgPals Photo Host contains a flaw that is triggered when the approve.php script fails to properly authenticate requests supplied via the 'u' parameter. This may allow a remote attacker to bypass authentication requirements for admin activation.
Remote / Network Access
Loss of Integrity
OSVDB is not aware of a solution for this vulnerability.