Snaps! Gallery Users.PHP Remote Password Change Vulnerability

Bugtraq ID:	23940
Class:	Design Error
CVE:	CVE-2007-2715
Remote:	Yes
Local:	No
Published:	May 11 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Dj7xpl is credited with the discovery of this vulnerability.
Vulnerable:	Snaps! Gallery Snaps! Gallery 1.4.4
Not Vulnerable:

Snaps! Gallery Users.PHP Remote Password Change Vulnerability

Snaps! Gallery is prone to a vulnerability that may permit an attacker to change the password of arbitrary application users.

Exploiting this issue may allow the attacker to gain unauthorized access to the affected application. Successful exploits will result in a complete compromise of victims' accounts.

Snaps! Gallery 1.4.4 is vulnerable; other versions may also be affected.

Snaps! Gallery Users.PHP Remote Password Change Vulnerability

Attackers can use a browser to exploit this issue.

• /data/vulnerabilities/exploits/23029.html

Snaps! Gallery Users.PHP Remote Password Change Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Snaps! Gallery Users.PHP Remote Password Change Vulnerability

References:

• Guestbara Homepage (Hotscripts.pl)