ID CVE-2007-4261
Summary EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/. NOTE: vector 2 can be leveraged for administrative access because authentication does not require knowledge of cleartext values, but instead uses the username hash in the ConfigLogin parameter and the password hash in the ConfigPassword parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:ez_photo_sales:ez_photo_sales:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:ez_photo_sales:ez_photo_sales:1.9.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-10-2018 - 21:34)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 25323
bugtraq 20070806 EZPhotoSales 1.9.3 Multiple Vulnerabilities
misc
secunia 26341
sreason 2985
xf
  • ezphotosales-config-information-disclosure(35841)
  • ezphotosales-galleries-info-disclosure(35840)
Last major update 15-10-2018 - 21:34
Published 08-08-2007 - 23:17
Last modified 15-10-2018 - 21:34
Back to Top