Description
A command injection vulnerability in the video thumbnail rendering component of files.photo.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 0.3.0, <= 0.11.0
References
Related Issues
- Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) - CVE-2024-56334
- Command Injection in systeminformation - CVE-2020-26300
- Command Injection Vulnerability in systeminformation - CVE-2021-21388
- OS Command Injection in systeminformation - CVE-2020-7778
- Tags:
- npm
- files.photo.gallery
Anything's wrong? Let us know Last updated on February 06, 2025