CVE-2008-3292

EZWebAlbum 1.0 - Auth Bypass

Title source: llm

Description

constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Virangar Security · textwebappsphp

https://www.exploit-db.com/exploits/6115

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/bid/30343

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6115

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43938

[Third Party Advisory] http://securityreason.com/securityalert/4033

Scores

EPSS 0.0165

EPSS Percentile 81.8%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

ezwebalbum/ezwebalbum

Timeline

Published Jul 24, 2008

Tracked Since Feb 18, 2026