CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
59.6%
Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability.
If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed.
Uninstall the Software
According to the developer, the project is no longer being maintained and it is recommended to uninstall the software.
The developer states the following:
“As the project is not maintained it may be high unstable and insecure. You should therefore uninstall the software as soon as possible.”