Admin/users.php in Snaps! Gallery 1.4.4 allows remote malicious users to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
snaps gallery snaps gallery 1.4.4 |