OSVDB ID: 85701

Title: ImgPals Photo Host approve.php u Parameter Request Authentication Bypass Admin Activation

Info

Disclosure

Feb 28, 2012

Discovery

Unknown

Dates

Exploit

Feb 28, 2012

Solution

Unknown

Description

ImgPals Photo Host contains a flaw that is triggered when the approve.php script fails to properly authenticate requests supplied via the 'u' parameter. This may allow a remote attacker to bypass authentication requirements for admin activation.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

ImgPals

ImgPals Photo Host

1.0

References

Exploit Database: 18544
CVE ID: 2012-4926 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2012-02/0180.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85701