Every CVE whose affected-product data names Sz-fujia Ourphoto, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-24187 — CVSS 7.5 (high): The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference…
CVE-2022-24188 — CVSS 7.5 (high): The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the…
CVE-2022-24190 — CVSS 7.5 (high): The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is…
CVE-2022-24189 — CVSS 6.5 (medium): The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value…