Security Advisory

CVE-2019-25709

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-12 12:28:54

Last updated 2026-04-15 15:24:31

Assigner VulnCheck

State PUBLISHED

Description

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter.

← Browse all CVEs View on cve.org ↗