VYPR

Ace Image Hosting Script

by Ace Image Hosting Script

CVEs (2)

  • CVE-2019-25709CriApr 12, 2026
    risk 0.64cvss 9.8epss 0.01

    CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete…

  • CVE-2007-6393Dec 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.