An open redirect vulnerability has been found in the admin panel of 4images 1.7 - 1.7.10.
To fix this:
In admin/index.php
find
if ($redirect != "") {
  show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
  echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
  show_admin_footer();
  exit;
and replace it with
if ($redirect != "") {
  if (strpos($redirect, '://') === false) {
    show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
    echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
    show_admin_footer();
  } else {
    redirect('home.php');
  }
  exit;
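
A stricter target check, as an added example that is not 4images code: it goes beyond the '://' test above and also rejects scheme-relative, backslash-prefixed and control-character targets. The helper name is_local_redirect() and the sample inputs are assumptions constructed for illustration; the code assumes PHP 7 or later.

```php
<?php
// Added example, not part of 4images. is_local_redirect() is a hypothetical helper.

/**
 * Return true only if $target is a relative reference that a browser
 * will resolve on the current host.
 */
function is_local_redirect(string $target): bool
{
    // Reject empty values and control characters (CR, LF, tab, NUL, ...);
    // browsers strip some of these before parsing the URL.
    if ($target === '' || preg_match('/[\x00-\x1F\x7F]/', $target)) {
        return false;
    }
    // Browsers treat a backslash like a forward slash in http(s) URLs.
    $normalized = str_replace('\\', '/', ltrim($target));
    // "//host/path" is scheme-relative: it names another host without "://".
    if (strncmp($normalized, '//', 2) === 0) {
        return false;
    }
    // Any "scheme:" prefix (http:, javascript:, data:, ...) is an absolute URL.
    if (preg_match('/^[a-z][a-z0-9+.\-]*:/i', $normalized)) {
        return false;
    }
    return true;
}

// Constructed sample inputs mapped to the expected decision.
$samples = [
    'home.php'             => true,
    'home.php?page=2'      => true,
    'https://example.org/' => false,
    '//example.org/'       => false,
    '\\\\example.org/'     => false,
    'javascript:void(0)'   => false,
    "home.php\r\nX: y"     => false,
];
foreach ($samples as $target => $expected) {
    $got = is_local_redirect($target);
    printf("%-26s %s%s\n", json_encode($target), $got ? 'allow' : 'reject',
        $got === $expected ? '' : '  <-- unexpected');
}
```

In the patched block, such a helper would take the place of the strpos() condition, with the redirect('home.php') fallback unchanged.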