CVE-2007-2715 Information

Description

Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username or the (2) password and password2 parameters in an edit action.

Reference

http://0day.2600.ir/exploits/3900 http://www.securityfocus.com/bid/23940 http://www.vupen.com/english/advisories/2007/1781 https://exchange.xforce.ibmcloud.com/vulnerabilities/34300 https://www.exploit-db.com/exploits/3900