CVE-2007-4261

Name of the Vulnerable Software and Affected Versions EZPhotoSales versions 1.9.3 and earlier

Description The issue allows remote attackers to download sensitive files due to insufficient access control. This includes downloading a file with cleartext passwords via a direct request for "OnlineViewing/data/galleries.txt" or a file with username and password hashes via a direct request for "OnlineViewing/configuration/config.dat". The latter can be exploited for administrative access because authentication uses the username hash in the ConfigLogin parameter and the password hash in the ConfigPassword parameter.

Recommendations For EZPhotoSales versions 1.9.3 and earlier, restrict access to the "OnlineViewing/data/galleries.txt" and "OnlineViewing/configuration/config.dat" files to prevent unauthorized downloads. Additionally, consider modifying the authentication mechanism to require knowledge of cleartext values or implement an alternative secure authentication method. At the moment, there is no information about a newer version that contains a fix for this vulnerability.