Vulnerabilities > CVE-2007-4260 - Remote Security vulnerability in Ez Photo Sales
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://securityreason.com/securityalert/2985
- http://www.airscanner.com/security/07080601_ezphotosales.htm
- http://www.informit.com/guides/content.asp?g=security&seqNum=267
- http://www.informit.com/guides/content.asp?g=security&seqNum=268
- http://www.securityfocus.com/archive/1/475678/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35837