Lucene search
HistoryJul 09, 2024 - 11:15 a.m.
CVE-2024-37442
cve-2024-37442
injection
photo gallery by ays
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
EPSS
0.001
Percentile
16.8%
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1.
Affected configurations
Node
ays-prophoto_galleryRange<5.7.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ays-pro | photo_gallery | * | cpe:2.3:a:ays-pro:photo_gallery:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
vulnrichment
vulnrichment
cve
cve
CVE-2024-37442
2024-07-09 11:15:14
wordfence
wordfence
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
EPSS
0.001
Percentile
16.8%
Related for NVD:CVE-2024-37442