Vulnerabilities > Imgpals > IMG Pals Photo Host > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-15 | CVE-2012-4926 | Improper Authentication vulnerability in Imgpals IMG Pals Photo Host 1.0 approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action. | 6.4 |
| 2012-09-15 | CVE-2012-4925 | SQL Injection vulnerability in Imgpals IMG Pals Photo Host 1.0 Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. | 7.5 |