VYPR

Ez Photo Sales

by Ez Photo Sales

CVEs (4)

  • CVE-2007-4260Aug 8, 2007
    risk 0.00cvss epss 0.01

    EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.

  • CVE-2007-4259Aug 8, 2007
    risk 0.00cvss epss 0.02

    EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.

  • CVE-2007-4262Aug 8, 2007
    risk 0.00cvss epss 0.02

    Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/.

  • CVE-2007-4261Aug 8, 2007
    risk 0.00cvss epss 0.02

    EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file…