9 matches found
EUVD-2012-4850
Malware in sbrugna...
CVE-2012-4926
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an 1 app0 disable or 2 app1 enable action...
CVE-2012-4925
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a 1 app0 or 2 app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2012-4926
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an 1 app0 disable or 2 app1 enable action...
Sql injection
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a 1 app0 or 2 app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2012-4926
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an 1 app0 disable or 2 app1 enable action...
CVE-2012-4925
CVE-2012-4925 describes multiple SQL injection vulnerabilities in Img Pals Photo Host 1.0, triggered via the u parameter in approve.php when performing app0 or app1 actions. The issue allows remote attackers to execute arbitrary SQL commands. The CVSSv2 score is 7.5 (HIGH) with network attack vec...
CVE-2012-4925
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a 1 app0 or 2 app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2012-4926
The CVE-2012-4926 issue affects Img Pals Photo Host 1.0, specifically the approve.php endpoint. The root cause is lack of authentication on requests, allowing remote attackers to change administrator activation via the u parameter in actions (app0 for disable, app1 for enable). The connected reco...