PT-2002-2589 · Bizdesign · Imagefolio

Published: 2002-12-31 · Updated: 2016-10-18 · CVE-2002-1867

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: BizDesign ImageFolio versions 2.23 through 2.26

Description: The default configuration of the software does not control access to certain API endpoints, such as "admin/setup.cgi" and "admin/nph-build.cgi". This allows remote attackers to create an administrative account or cause a denial of service by consuming CPU resources.

Recommendations: For versions 2.23 through 2.26, restrict access to the "admin/setup.cgi" and "admin/nph-build.cgi" API endpoints to prevent unauthorized account creation and denial of service attacks. Consider temporarily disabling these endpoints until a proper fix is applied.
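One way to apply the recommendation above, as an added example that is not part of this advisory or of the vendor's documentation. It assumes ImageFolio is served as CGI by Apache httpd 2.4 from the directory "/var/www/cgi-bin/imagefolio" (an assumed path) and shows the unrestricted configuration beside the restricted one.

```apache
# ASSUMED deployment path; adjust to where the admin/ scripts actually live.
# Weak: equivalent to the default, the admin scripts answer to any client.
<Directory "/var/www/cgi-bin/imagefolio/admin">
    Options +ExecCGI
    Require all granted
</Directory>

# Restricted: the admin scripts run only for an authenticated user coming from
# an allowed management network (needs mod_auth_basic, mod_authn_file,
# mod_authz_host and mod_authz_user). Both conditions must hold.
<Directory "/var/www/cgi-bin/imagefolio/admin">
    Options +ExecCGI
    AuthType Basic
    AuthName "ImageFolio administration"
    AuthUserFile "/etc/httpd/imagefolio-admin.htpasswd"   # create with htpasswd(1)
    <RequireAll>
        Require valid-user
        Require ip 10.0.0.0/8                              # assumed admin network
    </RequireAll>
</Directory>

# Temporary disablement until a fixed version is installed: refuse the two
# scripts named in the advisory outright. <Files> sections are merged after
# <Directory>, so this denial takes precedence over the block above.
<Files ~ "^(setup|nph-build)\.cgi$">
    Require all denied
</Files>
```

After reloading httpd, a request for admin/setup.cgi from outside the allowed network should log a 401 or 403 in the access log; any 200 responses to these scripts before the change are worth reviewing.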

Fix


Related Identifiers

CVE-2002-1867

Affected Products

Imagefolio