Homepage

files.photo.gallery@0.5.0 vulnerabilities

Single-file PHP file gallery and file manager / https://demo.files.gallery/

  • latest version

    0.12.1

  • latest non vulnerable version

    0.12.1

  • first published

    5 years ago

  • latest version published

    5 days ago

  • licenses detected

  • View files.photo.gallery package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the files.photo.gallery package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary Command Injection

    files.photo.gallery is a Single-file PHP file gallery and file manager / https://demo.files.gallery/

    Affected versions of this package are vulnerable to Arbitrary Command Injection through the video thumbnail rendering component. If allow_upload and exec are enabled in config.php, and ffmpeg is in the PATH, a user can upload a malicious video file which will be executed upon rendering.

    How to fix Arbitrary Command Injection?

    Upgrade files.photo.gallery to version 0.10.0 or higher.

    >=0.3.0 <0.10.0
    Go back to all versions of this package