
Photobooth Supply Co. is reinventing the idea of photobooths with open spaces, marketing tools, and elegant aesthetics that allow you to thrive. You might be a business looking to expand your marketing through data collection and social outreach. You might be an individual looking for a chance to establish a brand and chase the American dream of entrepreneurship. Photobooth Supply Co. can help you do it all with hardware and solutions. The iconic Salsa photobooth brings a suite of tools for existing businesses. If you’re looking to expand your marketing efforts, you’ll be able to deploy a booth at a trade show and gather the email addresses of hundreds of smiling guests. Rather than being stuck with a business email or attempting to cold email a list, you can deliver a personalized message into the inbox of every passerby. If you’ve got a retail location, you can design a permanently installed booth with easy follow-up emails that suggest a visit to clients, survey capture, real-time brand engagement and more. Salsa provides brand engagement and social content at the highest level. Salsa is a perfect fit for someone beginning their journey of business ownership. Unlike a franchise, you don’t owe Photobooth Supply Co. any of your profits or success. This means that when you’re advertising any of the Salsa exclusive features, such as instant uploads to an online live gallery, you’re keeping the money that each booking generates.

Photobooth Supply Co A.I CyberSecurity Scoring

PSC

Company Details

Linkedin ID:

photoboothsupplyco

Employees number:

57

Number of followers:

5,874

NAICS:

54192

Industry Type:

Photography

Homepage:

photoboothsupplyco.com

IP Addresses:

0

Company ID:

PHO_9305855

Scan Status:

In-progress

PSC Risk Score (AI oriented)

Between 650 and 699

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium

PSC Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

PSC Company CyberSecurity News & History

Past Incidents
1
Attack Types
1
Photobooth Supply Co: Photo Booth Website Bug Exposed Thousands of Users’ Photos
Type: Breach
Severity: 85
Impact: 4
Seen: 12/2025
Rankiteo Explanation:
Attack with significant impact with customers data leaks

Description: **Photo Booth Vendor’s Security Flaw Exposed Thousands of Private Images and Videos** A security researcher, known as Zeacer, uncovered a critical vulnerability in a photo booth vendor’s website that left thousands of images and videos—including intimate moments and drunken party snapshots—publicly accessible without authentication. The flaw stemmed from insecure direct object references, where media files were served via predictable URLs, allowing attackers to enumerate and download entire galleries using simple scripts. The company had recently reduced file retention from two to three weeks to just 24 hours, limiting the volume of exposed content at any given time. However, this change did not prevent attackers from scraping daily uploads. At one point, over 1,000 images from a Melbourne-based photo booth service were visible, highlighting the scale of the risk. The incident underscores the dangers of broken access control, ranked by OWASP as the top web application security risk. Event photo booths often capture highly personal moments—weddings, corporate events, and private gatherings—where sensitive details like home addresses, children’s faces, or organizational affiliations may be inadvertently exposed. Even with short retention periods, scraped data remains permanently accessible to attackers. The financial and reputational consequences of such breaches can be severe. IBM’s *Cost of a Data Breach Report* estimates global breach costs in the multi-millions, while consumer-facing brands built on "shareable moments" face lasting reputational harm. The flaw likely resulted from common shortcuts in event-tech development, such as public object storage, client-side-only checks, and predictable URL patterns—issues that could have been mitigated with server-side protections like signed URLs, randomized IDs, and rate limiting. Regulatory risks also loom large. 
Under Australia’s privacy laws, businesses must proactively secure data and disclose breaches, while GDPR in the EU and UK imposes fines of up to 4% of global turnover for serious violations. The vendor’s role—as either a data processor or controller—determines specific compliance obligations, but minimizing retention and enforcing strict access controls are baseline requirements. Customers who used affected photo booths in the past month should assume potential exposure and request gallery deletions from vendors. Event organizers are advised to demand transparency from suppliers, including details on file retention, link security, and third-party audits like SOC 2 or ISO 27001. Contracts should explicitly address data processing terms and breach notification responsibilities. The incident reflects a broader trend in event tech, where rapid growth often outpaces security hardening. As web app vulnerabilities remain a leading cause of data breaches, basic safeguards—such as private-by-default storage and continuous logging—can prevent such exposures without requiring complex solutions. While the vendor’s retention reduction limits immediate risk, it does not replace proper authentication and authorization, leaving galleries vulnerable to persistent scraping.



PSC Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan

Underwriter Stats for PSC

Incidents vs Photography Industry Average (This Year)

Photobooth Supply Co has 0.0% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Photobooth Supply Co has 29.87% more incidents than the average of all companies with at least one recorded incident.

Incident Types PSC vs Photography Industry Avg (This Year)

Photobooth Supply Co reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — PSC (X = Date, Y = Severity)

PSC cyber incidents detection timeline including parent company and subsidiaries

PSC Company Subsidiaries


PSC Similar Companies

Lisa Barrie Photography

Wedding, portrait, event and underwater photography. Our mission is to produce high quality, striking and modern images at affordable prices, allowing you to come back time and time again. We’re a family run business based in Broxburn, West Lothian specialising in portrait, underwater, wedding

Noritsu America Corporation

Noritsu is a leading global manufacturer of professional high-quality digital imaging equipment, and a global provider of photo printing solutions to the retail, professional , law enforcement, specialty and other print-intensive markets. Founded in Japan as Noritsu Koki Co. Ltd., we were the f

Devon Cass Photography Studio

Hello, My name is Devon Cass and I am a NYC based photographer; make up artist, and author of the make up book Double Take, The Art of the Celebrity Makeover. When “DOUBLE TAKE” hit the bookstores I was so fortunate to be sought after by major TV talk shows and news magazines such as, The Vi

Natalie Jo Wedding Photography

ROMANTIC | NATURAL | TIMELESS As a Fine Art Film Photographer, it is so fulfilling and inspirational to meet a bride who loves elegance and who cherishes the artistry it takes to immortalize intimate and romantic moments. My heart skips a beat for natural light, carefully thought out details, intim

We are one of the few Nashville-area portrait studios with a specialty in business and marketing portraits. The profile picture you include on LinkedIn or your website is often your first chance to convey confidence and professionalism. Why trust that first impression to a self-made iPhone photo!

Patricia Figurski Portraits

MY PASSION IS PEOPLE. I use my talent to especially empower women to feel confident and beautiful, to make them dignified. Therefore, my Glamour photography sessions are most important to me. I am also photographing women as mothers with their families (the Kids & Family photography sessions) and


PSC CyberSecurity News

December 15, 2025 02:57 AM
Asahi Considers Cybersecurity Overhaul After Attack

Asahi Group Holdings is weighing the creation of a new cybersecurity team following a disruptive ransomware attack in September.

December 15, 2025 02:55 AM
CyberCloak.Tech Unveils SMB Cybersecurity Guide to Decode the NIST CSF 2.0 Framework

Sioux City, Iowa — CyberCloak.Tech today released a new Small Business Cybersecurity Guide built to help organizations make sense of the...

December 15, 2025 01:21 AM
Asahi CEO Considers New Cybersecurity Team Amid Prolonged Ransomware Fallout

Asahi Group, Japan's largest brewer, is mulling establishing a dedicated cybersecurity team, Bloomberg News reported on Monday,...

December 15, 2025 01:18 AM
ServiceNow in advanced talks to acquire cybersecurity startup Armis for up to $7 billion, says report

After Alphabet and Palo Alto Networks each acquired cybersecurity firms, tech company ServiceNow Inc., is in advanced talks to buy Armis,...

December 15, 2025 01:08 AM
Watch Asahi CEO Eyes Cybersecurity Unit as Disruption Drags On

Asahi Group Holdings is elevating cybersecurity to a top management priority after a ransomware attack in late September crippled its...

December 14, 2025 11:10 PM
Ten Cybersecurity Predictions That Will Define 2026

The cybersecurity landscape is entering its most transformative period in decades. Artificial intelligence is accelerating attacks at...

December 14, 2025 11:00 PM
Asahi CEO Mulls New Cybersecurity Unit as Disruption Drags On

Asahi Group Holdings Ltd. is considering creating a new cybersecurity team after disruptions to operations and financial reporting from a...

December 14, 2025 09:02 PM
Hundreds of Scouts learn about cybersecurity at Air Force museum

When it comes to virtual safety, Scouting America leaders in Dayton and beyond want young people to be prepared.

December 14, 2025 06:26 PM
ServiceNow Weighs Landmark $7bn Armis Acquisition as Cybersecurity Becomes Core to Enterprise Platforms

ServiceNow is in advanced talks to acquire cybersecurity startup Armis in a deal that could be valued at as much as $7 billion, according to...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

PSC CyberSecurity History Information

Official Website of Photobooth Supply Co

The official website of Photobooth Supply Co is http://www.photoboothsupplyco.com.

Photobooth Supply Co’s AI-Generated Cybersecurity Score

According to Rankiteo, Photobooth Supply Co’s AI-generated cybersecurity score is 672, reflecting their Weak security posture.

How many security badges does Photobooth Supply Co have?

According to Rankiteo, Photobooth Supply Co currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Photobooth Supply Co have SOC 2 Type 1 certification?

According to Rankiteo, Photobooth Supply Co is not certified under SOC 2 Type 1.

Does Photobooth Supply Co have SOC 2 Type 2 certification?

According to Rankiteo, Photobooth Supply Co does not hold a SOC 2 Type 2 certification.

Does Photobooth Supply Co comply with GDPR?

According to Rankiteo, Photobooth Supply Co is not listed as GDPR compliant.

Does Photobooth Supply Co have PCI DSS certification?

According to Rankiteo, Photobooth Supply Co does not currently maintain PCI DSS compliance.

Does Photobooth Supply Co comply with HIPAA?

According to Rankiteo, Photobooth Supply Co is not compliant with HIPAA regulations.

Does Photobooth Supply Co have ISO 27001 certification?

According to Rankiteo, Photobooth Supply Co is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Photobooth Supply Co

Photobooth Supply Co operates primarily in the Photography industry.

Number of Employees at Photobooth Supply Co

Photobooth Supply Co employs approximately 57 people worldwide.

Subsidiaries Owned by Photobooth Supply Co

Photobooth Supply Co presently has no subsidiaries across any sectors.

Photobooth Supply Co’s LinkedIn Followers

Photobooth Supply Co’s official LinkedIn profile has approximately 5,874 followers.

NAICS Classification of Photobooth Supply Co

Photobooth Supply Co is classified under the NAICS code 54192, which corresponds to Photographic Services.

Photobooth Supply Co’s Presence on Crunchbase

No, Photobooth Supply Co does not have a profile on Crunchbase.

Photobooth Supply Co’s Presence on LinkedIn

Yes, Photobooth Supply Co maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement; it can be accessed here: https://www.linkedin.com/company/photoboothsupplyco.

Cybersecurity Incidents Involving Photobooth Supply Co

As of December 15, 2025, Rankiteo reports that Photobooth Supply Co has experienced 1 cybersecurity incidents.

Number of Peer and Competitor Companies

Photobooth Supply Co has an estimated 2,456 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Photobooth Supply Co?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does Photobooth Supply Co detect and respond to cybersecurity incidents?

Detection and Response: The company responded to the incident with a containment measure: the file retention period was reduced from 2-3 weeks to ~24 hours.

Incident Details

Can you provide details on each incident?

Incident : Data Exposure

Title: Photo Booth Maker's Website Exposes Thousands of Images and Videos Due to Insecure Access Control

Description: A photo booth maker’s website with insecure media storage left thousands of images and videos accessible to the internet, including snaps of drunken revellers and intimate moments. The security lapse allowed unauthorized downloads of entire galleries without authentication due to predictable URLs and broken access control.

Type: Data Exposure

Attack Vector: Insecure Direct Object Reference (IDOR)

Vulnerability Exploited: Broken Access Control (OWASP Top 10)

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident?

Incident : Data Exposure PHO1765565027

Data Compromised: Thousands of images and videos, including personal and sensitive moments

Systems Affected: Photo booth website media storage and serving endpoint

Brand Reputation Impact: Significant reputational damage, especially for a consumer-facing brand predicated on 'shareable moments'

Legal Liabilities: Potential regulatory fines under GDPR, Australian Privacy Act, and other privacy laws

Identity Theft Risk: Exposure of personally identifiable information (e.g., home addresses, affiliations)

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Images and Videos.

Which entities were affected by each incident?

Incident : Data Exposure PHO1765565027

Entity Type: Photo Booth Vendor

Industry: Event Technology

Customers Affected: Thousands of individuals, including event attendees (e.g., weddings, office parties, product launches)

Response to the Incidents

What measures were taken in response to each incident?

Incident : Data Exposure PHO1765565027

Containment Measures: Reduced file retention period from 2-3 weeks to ~24 hours

Data Breach Information

What type of data was compromised in each breach?

Incident : Data Exposure PHO1765565027

Type of Data Compromised: Images, Videos

Number of Records Exposed: Over 1,000 images at one stage (prior to retention change)

Sensitivity of Data: High (personal moments, identifiable individuals, potential PII)

Data Exfiltration: Possible via scraping scripts

File Types Exposed: Images, Videos

Personally Identifiable Information: Yes (e.g., home addresses, affiliations, children)

How does the company handle incidents involving personally identifiable information (PII)?

Handling of PII Incidents: The company handled the incident involving personally identifiable information (PII) by reducing the file retention period from 2-3 weeks to ~24 hours.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident?

Incident : Data Exposure PHO1765565027

Regulations Violated: GDPR, Australian Privacy Act, potentially other regional privacy laws

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : Data Exposure PHO1765565027

Lessons Learned: Broken access control and insecure direct object references are critical vulnerabilities that can lead to large-scale data exposure. Security measures like private-by-default storage, time-limited links, randomized IDs, and server-side permission gates are essential to prevent such incidents.

What recommendations were made to prevent future incidents?

Incident : Data Exposure PHO1765565027

Recommendations:
  • Implement private-by-default storage for media files.
  • Use time-limited and audience-restricted links with signed URLs or rotating tokens.
  • Adopt randomized, unguessable IDs for media files.
  • Enforce rate limiting to prevent unusual download bursts.
  • Conduct regular penetration testing and security reviews.
  • Minimize data retention periods.
  • Ensure compliance with privacy regulations (e.g., GDPR, Australian Privacy Act).
  • Educate customers and event hosts on secure usage practices.

What are the key lessons learned from past incidents?

Key Lessons Learned: The key lessons learned from past incidents are Broken access control and insecure direct object references are critical vulnerabilities that can lead to large-scale data exposure. Security measures like private-by-default storage, time-limited links, randomized IDs, and server-side permission gates are essential to prevent such incidents.

References

Where can I find more information about each incident?

Incident : Data Exposure PHO1765565027

Source: Researcher Zeacer

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Source: Researcher Zeacer.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident?

Incident : Data Exposure PHO1765565027

Customer Advisories:
  • Set galleries to private if possible.
  • Turn off public sharing options.
  • Request permanent deletion of galleries through vendor support.
  • Avoid uploading sensitive information (e.g., IDs, addresses) to event galleries.

What advisories does the company provide to stakeholders and customers following an incident?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: set galleries to private if possible; turn off public sharing options; request permanent deletion of galleries through vendor support; avoid uploading sensitive information (e.g., IDs, addresses) to event galleries.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident : Data Exposure PHO1765565027

Root Causes:
  • Predictable media URLs enabling enumeration.
  • Lack of server-side authentication and authorization.
  • Insecure Direct Object Reference (IDOR) vulnerability.
  • Over-reliance on client-side checks for access control.

Corrective Actions:
  • Implement server-side permission gates (e.g., signed URLs, rotating tokens).
  • Adopt randomized, unguessable IDs for media files.
  • Enforce private-by-default storage.
  • Conduct security pre-production reviews and regular penetration testing.

What corrective actions has the company taken based on post-incident analysis?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: implement server-side permission gates (e.g., signed URLs, rotating tokens); adopt randomized, unguessable IDs for media files; enforce private-by-default storage; conduct security pre-production reviews and regular penetration testing.
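The incident description and the corrective actions above name the same four controls: server-side permission gates (signed, time-limited URLs), randomized unguessable IDs, private-by-default storage, and rate limiting against download bursts. The following Python sketch shows how those controls fit together in one media-serving path. It is an added example, not code from Rankiteo, from the researcher, or from the photo booth vendor; the `MediaStore`, `sign_url`/`verify_url`, `RateLimiter` and `serve` names, the signing key, the `media.example.invalid` host, and the gallery and client identifiers are all constructed for illustration.

```python
"""Added example (not the vendor's or Rankiteo's code): a media-serving path that
applies the corrective actions in the incident record. Every name, key and sample
value here is constructed for illustration."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed server-side secret; in practice it comes from a secret manager and is rotated.
SIGNING_KEY = b"example-only-signing-key-rotate-me"
BASE_URL = "https://media.example.invalid/m/"  # hypothetical CDN host


def new_media_id() -> str:
    """Random 128-bit identifier: an attacker cannot walk IDs sequentially."""
    return secrets.token_urlsafe(16)


@dataclass
class MediaStore:
    """Private-by-default: each object belongs to one gallery and is never served
    unless serve() authorizes the request."""
    objects: Dict[str, Tuple[str, bytes]] = field(default_factory=dict)

    def put(self, gallery_id: str, data: bytes) -> str:
        media_id = new_media_id()
        self.objects[media_id] = (gallery_id, data)
        return media_id


def sign_url(media_id: str, gallery_id: str, ttl_seconds: int, now: int) -> str:
    """Time-limited link bound to one object and one gallery audience (HMAC-SHA256)."""
    expires = now + ttl_seconds
    msg = f"{media_id}|{gallery_id}|{expires}".encode()
    sig = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    return BASE_URL + media_id + "?" + urlencode({"g": gallery_id, "exp": expires, "sig": sig})


def verify_url(url: str, now: int) -> Optional[Tuple[str, str]]:
    """Server-side gate: (media_id, gallery_id) when the signature is valid and
    unexpired, else None. compare_digest keeps the check constant-time."""
    parsed = urlparse(url)
    media_id = parsed.path.rsplit("/", 1)[-1]
    q = parse_qs(parsed.query)
    try:
        gallery_id, expires, sig = q["g"][0], int(q["exp"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return None  # unsigned or malformed link
    if expires < now:
        return None  # expired link
    expected = hmac.new(SIGNING_KEY, f"{media_id}|{gallery_id}|{expires}".encode(),
                        hashlib.sha256).hexdigest()
    return (media_id, gallery_id) if hmac.compare_digest(expected, sig) else None


class RateLimiter:
    """Fixed-window counter per client: more than `limit` requests in `window`
    seconds are refused, which blunts bulk scraping even with valid links."""
    def __init__(self, limit: int, window: int):
        self.limit, self.window = limit, window
        self.buckets: Dict[str, Tuple[int, int]] = {}  # client -> (window_start, count)

    def allow(self, client: str, now: int) -> bool:
        start, count = self.buckets.get(client, (now, 0))
        if now - start >= self.window:
            start, count = now, 0
        count += 1
        self.buckets[client] = (start, count)
        return count <= self.limit


def serve(store: MediaStore, limiter: RateLimiter, client: str, url: str, now: int) -> Tuple[int, bytes]:
    """HTTP-style outcome: 429 on burst, 403 on bad/expired link or audience
    mismatch, 404 for unknown IDs, 200 with the bytes otherwise."""
    if not limiter.allow(client, now):
        return 429, b""
    claim = verify_url(url, now)
    if claim is None:
        return 403, b""
    media_id, gallery_id = claim
    entry = store.objects.get(media_id)
    if entry is None:
        return 404, b""
    owner, data = entry
    if owner != gallery_id:  # link audience must match the object's gallery
        return 403, b""
    return 200, data


def demo() -> Dict[str, int]:
    """Constructed walk-through; returns the status code each request receives."""
    store, limiter, t0 = MediaStore(), RateLimiter(limit=4, window=86400), 1_700_000_000
    mid = store.put("wedding-42", b"\x89PNG constructed sample bytes")
    good = sign_url(mid, "wedding-42", ttl_seconds=3600, now=t0)
    results = {
        "valid": serve(store, limiter, "guest-a", good, t0)[0],
        "expired": serve(store, limiter, "guest-a", good, t0 + 3601)[0],
        "tampered": serve(store, limiter, "guest-a", good.replace("wedding-42", "wedding-43"), t0)[0],
        "unsigned": serve(store, limiter, "guest-a", BASE_URL + mid, t0)[0],
    }
    results["burst"] = serve(store, limiter, "guest-a", good, t0)[0]  # 5th request in window
    return results
```

`demo()` exercises each control: the signed link serves the object, while the expired, audience-tampered and unsigned links are refused by the server-side gate regardless of what any client-side check says, and a fifth request from the same client in one window trips the rate limit. In a real deployment the limiter would be backed by a shared store rather than process memory, and the objects themselves would live in a bucket with no public read policy so that the signed link is the only path to them.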

Additional Questions

Impact of the Incidents

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised in an incident were thousands of images and videos, including personal and sensitive moments.

Response to the Incidents

What containment measures were taken in the most recent incident?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was a reduced file retention period, from 2-3 weeks to ~24 hours.

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were thousands of images and videos, including personal and sensitive moments.

What was the number of records exposed in the most significant breach?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.0K.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was that broken access control and insecure direct object references are critical vulnerabilities that can lead to large-scale data exposure. Security measures like private-by-default storage, time-limited links, randomized IDs, and server-side permission gates are essential to prevent such incidents.

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were:
  • Educate customers and event hosts on secure usage practices.
  • Conduct regular penetration testing and security reviews.
  • Ensure compliance with privacy regulations (e.g., GDPR, Australian Privacy Act).
  • Implement private-by-default storage for media files.
  • Use time-limited and audience-restricted links with signed URLs or rotating tokens.
  • Minimize data retention periods.
  • Adopt randomized, unguessable IDs for media files.
  • Enforce rate limiting to prevent unusual download bursts.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is Researcher Zeacer.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was to set galleries to private if possible, turn off public sharing options, request permanent deletion of galleries through vendor support, and avoid uploading sensitive information (e.g., IDs and addresses) to event galleries.

Latest Global CVEs (Not Company-Specific)

Description

A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code in the file /pet1/addcnp.php. Manipulation of the argument cnpname causes SQL injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

Risk Information
CVSS v2: Base 7.5, Severity LOW, Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3: Base 7.3, Severity LOW, Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS v4: Base 6.9, Severity LOW, Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

A security flaw has been discovered in Tenda AX9 22.03.01.46. It affects the function image_check of the component httpd. The manipulation results in use of a weak hash. The attack can be launched remotely. The attack has a high complexity level, and exploitability is considered difficult. The exploit has been released to the public and may be exploited.

Risk Information
CVSS v2: Base 2.6, Severity HIGH, Vector AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSS v3: Base 3.7, Severity HIGH, Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS v4: Base 6.3, Severity HIGH, Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing in the file /admin/update_student.php. Manipulation of the argument stud_id causes SQL injection. The attack can be carried out remotely. The exploit has been made available to the public and could be exploited.

Risk Information
CVSS v2: Base 7.5, Severity LOW, Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3: Base 7.3, Severity LOW, Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS v4: Base 6.9, Severity LOW, Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code in the file /admin/save_user.php. Manipulation of the argument firstname results in SQL injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

Risk Information
CVSS v2: Base 7.5, Severity LOW, Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3: Base 7.3, Severity LOW, Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS v4: Base 6.9, Severity LOW, Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

A vulnerability was identified in code-projects Student File Management System 1.0. It affects an unknown part of the file /admin/update_user.php. Manipulation of the argument user_id leads to SQL injection. Remote exploitation is possible. The exploit is publicly available and might be used.

Risk Information
CVSS v2: Base 7.5, Severity LOW, Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3: Base 7.3, Severity LOW, Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS v4: Base 6.9, Severity LOW, Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=photoboothsupplyco' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.