CVE-2007-2715 - Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and pa

CVE-2007-2715

Summary

Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.

References

http://0day.2600.ir/exploits/3900
http://www.securityfocus.com/bid/23940
http://www.vupen.com/english/advisories/2007/1781
https://exchange.xforce.ibmcloud.com/vulnerabilities/34300
https://www.exploit-db.com/exploits/3900

Vulnerable Configurations

cpe:2.3:a:snaps_gallery:snaps_gallery:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:snaps_gallery:snaps_gallery:1.4.4:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23940
exploit-db	3900
misc	http://0day.2600.ir/exploits/3900
vupen	ADV-2007-1781
xf	snaps-users-unauthorized-access(34300)

Last major update

11-10-2017 - 01:32

Published

16-05-2007 - 10:19

Last modified

11-10-2017 - 01:32