files.photo.gallery command injection

Description

A command injection vulnerability in the video thumbnail rendering component of files.photo.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file.

Recommendation

No fix is available yet. Followings are affected versions:

• >= 0.3.0, <= 0.11.0

References

• GHSA-5wjw-qjhm-v43h
• CVE-2024-53615
• CWE-77
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) - CVE-2024-56334
• Injection and Command Injection in devcert - CVE-2020-8186
• OS Command Injection in GenieACS - CVE-2021-46704
• Command Injection Vulnerability in systeminformation - CVE-2021-21388

You might also like:

How do hackers hack websites?

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

files.photo.gallery