CVE-2007-2715

Snaps! Gallery 1.4.4 - Auth Bypass

Title source: llm

Description

Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dj7xpl · phpwebappsphp

https://www.exploit-db.com/exploits/3900

View Code ZIP pw:eip

References (5)

[Various Sources] http://0day.2600.ir/exploits/3900

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34300

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23940

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3900

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1781

Scores

EPSS 0.0704

EPSS Percentile 91.5%

Details

Status published

Products (1)

snaps_gallery/snaps_gallery 1.4.4

Published May 16, 2007

Tracked Since Feb 18, 2026