Imgpals Img Pals Photo Host vulnerabilities
2 known vulnerabilities affecting imgpals/img_pals_photo_host.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2012-4925P3HIGHCVSS 7.5PoCv1.02012-09-15
CVE-2012-4925 [HIGH] CWE-89 CVE-2012-4925: Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attack
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2012-4926P3MEDIUMCVSS 6.4PoCv1.02012-09-15
CVE-2012-4926 [MEDIUM] CWE-287 CVE-2012-4926: approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action.
nvd