Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories.
CVSS Score
7.5
EPSS Score
0.007
Published
2004-12-31
SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter.
CVSS Score
7.5
EPSS Score
0.008
Published
2004-12-31
Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name.
CVSS Score
4.3
EPSS Score
0.006
Published
2004-12-31