Vulnerability Description
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imgpals | Img Pals Photo Host | 1.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0180.html (Exploit)
- http://www.exploit-db.com/exploits/18544 (Exploit)
FAQ
What is CVE-2012-4926?
CVE-2012-4926 is a vulnerability with a CVSS score of 6.4 (MEDIUM). approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1...
How severe is CVE-2012-4926?
CVE-2012-4926 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4926?
Check the references section above for vendor advisories and patch information. Affected products include: Imgpals Img Pals Photo Host.