- EPSS 0.58%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
- EPSS 0.55%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.
CVE-2007-4261
- EPSS 1.94%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries...
CVE-2007-4262
- EPSS 1.46%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/.