Vulnerabilities > Photorange Photo Vault Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-23 | CVE-2018-20371 | Information Exposure vulnerability in Photorange Photo Vault Project Photorange Photo Vault 1.2 PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on. | 9.8 |