Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field
Vulnerability Description
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
在认证机制中使用口令哈希代替口令
Vulnerability Title
CEWE PHOTO SHOW 安全漏洞
Vulnerability Description
CEWE PHOTO SHOW是英国CEWE公司的一款照片展示软件。 CEWE PHOTO SHOW 6.4.3版本存在安全漏洞,该漏洞源于密码字段提交过长缓冲区,可能导致攻击者通过上传过程中在密码输入字段输入大量重复字符使应用程序崩溃,造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A