CVE-2007-4259

Name of the Vulnerable Software and Affected Versions EZPhotoSales versions 1.9.3 and earlier

Description The issue allows remote attackers to download arbitrary image files. This can be achieved through a direct request for a URL under "OnlineViewing/galleries/" or by navigating the gallery user interface with JavaScript disabled.

Recommendations For EZPhotoSales versions 1.9.3 and earlier, update to a version later than 1.9.3 to resolve the issue. As a temporary workaround, consider disabling the gallery user interface or restricting access to the "OnlineViewing/galleries/" directory until a patch is available.