EZPhotoSales 1.9.3 and previous versions allows remote malicious users to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ez photo sales ez photo sales 1.9.3 |