- EPSS 1.52%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:41
EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
- EPSS 1.44%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:41
EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.
CVE-2007-4261
- EPSS 2.12%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:41
EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries...
CVE-2007-4262
- EPSS 1.78%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:42
Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/.