CVE-2018-25294 HIGH

CVE-2018-25294: CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

Vendor Cewe-Photoworld
Product CEWE Photoshow
Weakness CWE-120
Published April 26, 2026
Last update April 27, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.

Key dates

02Disclosure timeline

April 26, 2026 CVE published
April 27, 2026 Record updated