CVE-2019-25709

CF · Image Hosting Script

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download the application database and delete images via plaintext IDs.

Executive summary

An unauthenticated remote access vulnerability in CF Image Hosting Script 1.6.5 allows attackers to fully compromise the application database and manipulate hosted content.

Vulnerability

This vulnerability is an improper access control flaw where the imgdb.db file is exposed, allowing unauthenticated attackers to download and deserialize the database to extract sensitive delete IDs.

Business impact

Successful exploitation results in full database compromise and unauthorized destruction of all hosted images. Given the CVSS score of 9.8, this represents a critical risk of complete data loss and total service disruption, likely leading to significant reputational damage and loss of user trust.

Remediation

Immediate Action: Upgrade to a patched version of the software, if available, or remove the imgdb.db file from the public web directory.

Proactive Monitoring: Monitor web server logs for unauthorized access requests targeting the /upload/data/imgdb.db file.

Compensating Controls: Configure web server permissions to deny all external access to the /upload/data/ directory and implement WAF rules to block access to .db files.
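
One way to implement the Proactive Monitoring step above, as an added example that is not part of the original advisory: it scans access log lines for requests that resolve to /upload/data/imgdb.db, including encoded or padded forms of the path, and marks the ones the server answered with the file. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path named in the advisory; the app may sit under a sub-directory, so match on suffix.
DB_SUFFIX = "/upload/data/imgdb.db"

# Assumed format (common/combined): ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /upload/data/imgdb.db HTTP/1.1" 200 48213 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:03:44 +0000] "GET /gallery//upload/./data/IMGDB%2Edb?x=1 HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.15 - - [12/Mar/2024:10:05:10 +0000] "GET /upload/images/cat.png HTTP/1.1" 200 90211 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [12/Mar/2024:10:05:12 +0000] "GET /index.php?ref=/upload/data/imgdb.db HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def normalize_path(target):
    """Canonicalize a request target so encoded or padded variants compare equal."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    path = posixpath.normpath("/" + path.lstrip("/"))  # collapses // and dot segments
    # Lower-cased because case-insensitive file systems serve IMGDB.DB as the same file.
    return path.lower()

def scan(lines):
    """Return one finding per request for the database file; 'served' means it was returned."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not normalize_path(m["target"]).endswith(DB_SUFFIX):
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"], "time": m["time"], "status": status,
            "served": status in (200, 206),  # full or partial content delivered
        })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(("SERVED " if f["served"] else "blocked"), f["ip"], f["time"], f["status"])
```

A finding with "served" set means the database left the server, so the delete IDs it holds should be treated as disclosed; a blocked finding confirms the deny rule is working and still records the probing source.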

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The severity of this vulnerability necessitates immediate remediation. Administrators should ensure the application database is not accessible via the web and apply all available security updates to prevent unauthorized data exfiltration and content deletion.