PHPoto Default Admin Password

2004-05-24T16:31:00
ID OSVDB:7614
Type osvdb
Reporter OSVDB
Modified 2004-05-24T16:31:00

Description

Vulnerability Description

PHPoto contains a flaw related to the 'install.sql' script, which sets the initial admin password to 'admin' (in earlier versions the default password was blank). It is possible for a remote attacker to gain access to restricted pages, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 0.4.0-pre-5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.davidbindel.com/opensource/PHPoto/
Vendor Specific Advisory URL