VYPR

Image Hosting Script

by Codefuture

CVEs (1)

  • CVE-2019-25709CriApr 12, 2026
    risk 0.64cvss 9.8epss 0.01

    CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete…