CVE-2008-4167

Ezphotogallery - Authentication Bypass

Title source: rule

Description

useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Stack · textwebappsphp

https://www.exploit-db.com/exploits/6437

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31161

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6437

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45119

[Third Party Advisory] http://secunia.com/advisories/31774

[Third Party Advisory] http://securityreason.com/securityalert/4282

Scores

EPSS 0.0474

EPSS Percentile 89.3%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

ezphotogallery/ezphotogallery

Timeline

Published Sep 22, 2008

Tracked Since Feb 18, 2026