CVE-2008-4167

ezphotogallery 2.1 - Unauthenticated Administrator Account Manipulation via useradmin.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4167. PoCs published by Stack.

AI-analyzed exploit summary This exploit describes an authentication bypass vulnerability in Ezphotogallery 2.1, allowing an attacker to add an admin user or remove existing users via direct access to the useradmin.php page without proper authentication.

Description

useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Stack · textwebappsphp
https://www.exploit-db.com/exploits/6437

This exploit describes an authentication bypass vulnerability in Ezphotogallery 2.1, allowing an attacker to add an admin user or remove existing users via direct access to the useradmin.php page without proper authentication.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Ezphotogallery 2.1
No auth needed
Prerequisites: Access to the useradmin.php page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31161
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6437
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31774
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4282
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45119

Scores

EPSS 0.0261
EPSS Percentile 83.4%

Details

CWE
CWE-287
Status published
Products (1)
ezphotogallery/ezphotogallery 2.1
Published Sep 22, 2008
Tracked Since Feb 18, 2026