CVE-2019-25552

HIGH

CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25552. PoCs published by Alejandra Sánchez.

AI-analyzed exploit summary This Python script generates a buffer overflow payload (5000 'A' characters) to trigger a DoS in CEWE PHOTO SHOW 6.4.3 by pasting the content into the 'Password' field during upload. The exploit is straightforward and relies on a simple buffer overflow to crash the application.

Description

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash.

Exploits (1)

exploitdb WORKING POC

by Alejandra Sánchez · pythondoswindows

https://www.exploit-db.com/exploits/46861

View Code ZIP pw:eip

This Python script generates a buffer overflow payload (5000 'A' characters) to trigger a DoS in CEWE PHOTO SHOW 6.4.3 by pasting the content into the 'Password' field during upload. The exploit is straightforward and relies on a simple buffer overflow to crash the application.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: CEWE PHOTO SHOW 6.4.3

No auth needed

Prerequisites: CEWE PHOTO SHOW 6.4.3 installed on Windows · ability to paste clipboard content into the 'Password' field

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Mar 21, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-46861

https://www.exploit-db.com/exploits/46861

Product product

Official Product Homepage

https://cewe-photoworld.com/

Third Party Advisory third-party-advisory

VulnCheck Advisory: CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field

https://www.vulncheck.com/advisories/cewe-photo-show-denial-of-service-via-password-field

Scores

CVSS v3 7.5

EPSS 0.0040

EPSS Percentile 31.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-836

Status published

Products (2)

cewe/photo_show 6.4.3

Cewe-Photoworld/CEWE PHOTO SHOW 6.4.3

Published Mar 21, 2026

Tracked Since Mar 21, 2026