EZPhotoSales 1.9.3 and earlier has a default βadminβ account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.
securityreason.com/securityalert/2985
www.airscanner.com/security/07080601_ezphotosales.htm
www.informit.com/guides/content.asp?g=security&seqNum=267
www.informit.com/guides/content.asp?g=security&seqNum=268
www.securityfocus.com/archive/1/475678/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/35837