Vulnerability Details CVE-2008-3292
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 84.6%
CVSS Severity
CVSS v2 Score 6.4
References
- http://securityreason.com/securityalert/4033
- http://www.securityfocus.com/bid/30343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43938
- https://www.exploit-db.com/exploits/6115
- http://securityreason.com/securityalert/4033
- http://www.securityfocus.com/bid/30343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43938
- https://www.exploit-db.com/exploits/6115
Products affected by CVE-2008-3292
-
cpe:2.3:a:ezwebalbum:ezwebalbum:1.0