9.8
CVE-2019-25709
- EPSS 0.61%
- Published 12.04.2026 12:28:54
- Last modified 23.04.2026 20:22:37
- Source disclosure@vulncheck.com
CF Image Hosting Script 1.6.5 Unauthorized Database Access
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter.
Data provided by the National Vulnerability Database (NVD)
Codefuture ≫ Image Hosting Script Version 1.6.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.443 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| disclosure@vulncheck.com | 9.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
https://www.exploit-db.com/exploits/46094
https://davidtavarez.github.io/
http://forum.codefuture.co.uk/showthread.php?tid=73141
https://www.vulncheck.com/advisories/cf-image-hosting-script-unauthorized-database-access