VYPR

EzGED3

by Ballpoint

CVEs (2)

  • CVE-2025-51540 | Med | Aug 19, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast,…

  • CVE-2025-51539 | Aug 19, 2025
    risk 0.00 | cvss | epss 0.01

    EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files…