VYPR

Photo Vault

by PhotoRange

CVEs (1)

  • CVE-2018-20371CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on.