The default configuration of BizDesign ImageFolio 2.23 up to and including 2.26 does not control access to (1) admin/setup.cgi, which allows remote malicious users to create an administrative account, or (2) admin/nph-build.cgi, which allows remote malicious users to cause a denial of service (CPU consumption).
Vulnerable Product |
---|
bizdesign imagefolio 2.26 |
bizdesign imagefolio 2.23 |
bizdesign imagefolio 2.24 |