← back
CVE-2018-25294

CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

CVSS 8.7 HIGHEPSS 0.4%CWE-120
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Cewe-Photoworld · CEWE Photoshow
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45211unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cewe-photoworld.com/https://cewe-photoworld.com/creator-software/windows-downloadhttps://www.exploit-db.com/exploits/45211https://www.vulncheck.com/advisories/cewe-photoshow-buffer-overflow-denial-of-service