Description
A command injection vulnerability in the video thumbnail rendering component of files.photo.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 0.3.0, <= 0.11.0
References
Related Issues
- Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) - CVE-2024-56334
- systeminformation has a Command Injection vulnerability in fsSize() function on Windows - CVE-2025-68154
- squirrelly Code Injection vulnerability - CVE-2024-40453
- WebdriverIO BrowserStack Service has a Command Injection issue - CVE-2026-25244
You might also like:
- Tags:
- npm
- files.photo.gallery
Anything's wrong? Let us know Last updated on February 06, 2025


