CVE-2023-53981 PhotoShow 3.0 Remote Code Execution via Exiftran Path Injection

PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...

PT-2024-11532 · Waneditor · Waneditor

Name of the Vulnerable Software and Affected Versions: wanEditor version 4.7.11 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was discovered in the video upload function, allowing potential exploitation. Recommendations: For wanEditor version...