CVE-2019-25552

Published: Mar 21, 2026 Last Modified: Mar 21, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 7,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash.

836

Use of Password Hash Instead of Password for Authentication

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity

Applicable Platforms

All platforms may be affected

View CWE Details

https://cewe-photoworld.com/

https://cewe-photoworld.com/

https://www.exploit-db.com/exploits/46861

https://www.exploit-db.com/exploits/46861

https://www.vulncheck.com/advisories/cewe-photo-show-denial…

https://www.vulncheck.com/advisories/cewe-photo-show-denial-of-service-via-pass…