{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25552", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-21T12:29:06.207Z", "datePublished": "2026-03-21T12:46:55.073Z", "dateUpdated": "2026-03-23T16:55:40.662Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:55.073Z"}, "title": "CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field", "descriptions": [{"lang": "en", "value": "CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use of Password Hash Instead of Password for Authentication", "cweId": "CWE-836", "type": "CWE"}]}], "affected": [{"vendor": "Cewe-Photoworld", "product": "CEWE PHOTO SHOW", "versions": [{"version": "6.4.3", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46861", "name": "ExploitDB-46861", "tags": ["exploit"]}, {"url": "https://cewe-photoworld.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/cewe-photo-show-denial-of-service-via-password-field"}], "credits": [{"lang": "en", "value": "Alejandra S\u00e1nchez", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-05-17T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:54:39.683155Z", "id": "CVE-2019-25552", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:55:40.662Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25552", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:54:39.683155Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:52:22.393Z"}}], "cna": {"title": "CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field", "credits": [{"lang": "en", "type": "finder", "value": "Alejandra S\u00e1nchez"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cewe-Photoworld", "product": "CEWE PHOTO SHOW", "versions": [{"status": "affected", "version": "6.4.3"}]}], "datePublic": "2019-05-17T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46861", "name": "ExploitDB-46861", "tags": ["exploit"]}, {"url": "https://cewe-photoworld.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/cewe-photo-show-denial-of-service-via-password-field", "name": "VulnCheck Advisory: CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-836", "description": "Use of Password Hash Instead of Password for Authentication"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:55.073Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25552", "state": "PUBLISHED", "dateUpdated": "2026-03-23T16:55:40.662Z", "dateReserved": "2026-03-21T12:29:06.207Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-21T12:46:55.073Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cewe:photo_show:6.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9DF9234C-8F74-4815-A17E-4A711B213FE4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash."}, {"lang": "es", "value": "CEWE PHOTO SHOW 6.4.3 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a los atacantes bloquear la aplicaci\u00f3n al enviar un b\u00fafer excesivamente largo al campo de contrase\u00f1a. Los atacantes pueden pegar una cadena larga de caracteres repetidos en la entrada de contrase\u00f1a durante el proceso de carga para provocar un bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2019-25552", "lastModified": "2026-04-10T01:20:49.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-21T13:16:17.507", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://cewe-photoworld.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46861"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/cewe-photo-show-denial-of-service-via-password-field"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-836"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.4.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "CEWE PHOTO SHOW", "source": "cna", "vendor": "Cewe-Photoworld"}, "product": "cewe_photo_show", "vendor": "cewe-photoworld"}], "analysis": {"en": {"generated_at": "2026-03-21T15:23:07.906113+00:00", "value": {"mitigation_remediation": ["Check Cewe-Photoworld\u2019s website for a patch or update for CEWE PHOTO SHOW 6.4.3 and install it immediately."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "CEWE PHOTO SHOW version 6.4.3 from Cewe-Photoworld is affected. No other versions are listed in the CVE data.", "description_and_impact": "A user\u2011provided password field during the upload process is processed without proper length validation, allowing an attacker to supply an excessively long string of repeated characters. This input causes the application to crash, resulting in a denial of service that disrupts photo management and sharing for users. The weakness lies in input handling, mapped to CWE-836.", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high severity. EPSS is not available and the flaw is not listed in CISA\u2019s KEV catalog. The attack vector is inferred to be local or during the upload process, as the description references the password input at upload time. Exploitation requires only the submission of a long password string, implying a straightforward but potentially disruptive threat."}}}}, "created": "2026-03-23T09:49:27.557056+00:00", "updated": "2026-03-25T14:47:30.844571+00:00", "vendors": ["cewe-photoworld", "cewe-photoworld$PRODUCT$cewe_photo_show"]}