EZPhotoSales
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4259 | 0.00 | — | 0.02 | Aug 8, 2007 | EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled. | |||
| CVE-2007-4262 | 0.00 | — | 0.02 | Aug 8, 2007 | Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/. | |||
| CVE-2007-4261 | 0.00 | — | 0.02 | Aug 8, 2007 | EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file… | |||
| CVE-2007-4260 | 0.00 | — | 0.01 | Aug 8, 2007 | EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username. |
- CVE-2007-4259Aug 8, 2007risk 0.00cvss —epss 0.02
EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
- CVE-2007-4262Aug 8, 2007risk 0.00cvss —epss 0.02
Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/.
- CVE-2007-4261Aug 8, 2007risk 0.00cvss —epss 0.02
EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file…
- CVE-2007-4260Aug 8, 2007risk 0.00cvss —epss 0.01
EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.