2 matches found
CVE-2008-6089
CVE-2008-6089 describes a directory traversal in the ScriptsEz Easy Image Downloader, specifically in the download action that uses main.php. The vulnerability allows an attacker to read arbitrary files by supplying ".." in the id parameter, enabling remote access to non‑intended files. The avail...
CVE-2009-2551
CVE-2009-2551 describes multiple XSS vulnerabilities in ScriptsEz Easy Image Downloader. The issue is triggered via the id parameter in a detail action to main.php (and possibly demo_page.php), allowing remote script/HTML injection. The provided documents do not include product versions, affected...