← volver
CVE-2018-25294

CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

CVSS 8.7 HIGHEPSS 0.4%CWE-120
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Productos afectados
Cewe-Photoworld · CEWE Photoshow
PoCs públicas encontradas1
cve_referencewww.exploit-db.com/exploits/45211no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cewe-photoworld.com/https://cewe-photoworld.com/creator-software/windows-downloadhttps://www.exploit-db.com/exploits/45211https://www.vulncheck.com/advisories/cewe-photoshow-buffer-overflow-denial-of-service