15 matches found
Exploit for OS Command Injection in Std42 Elfinder
CVE-2019-9194 — elFinder Command Injection PoC Command in...
CVE-2023-53981
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...
EUVD-2023-60243
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...
CVE-2023-53981
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...
CVE-2023-53981
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...
CVE-2023-53981 PhotoShow 3.0 Remote Code Execution via Exiftran Path Injection
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...
CVE-2023-53981 PhotoShow 3.0 Remote Code Execution via Exiftran Path Injection
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a...
CVE-2023-53981
CVE-2023-53981 affects PhotoShow 3.0. The vulnerability is a remote code execution via exiftran path configuration, where an authenticated administrator could abuse ffmpeg configuration settings to run commands. Exploitation described involves base64-encoded reverse-shell commands embedded in a c...
PhotoShow 操作系统命令注入漏洞
PhotoShow is a free PHP web library from the individual developer Thibaud Rohmer. An operating system command injection vulnerability exists in PhotoShow version 3.0, which originates from allowing an authenticated administrator to inject malicious commands via the exiftran path configuration...
PT-2025-52718
Name of the Vulnerable Software and Affected Versions PhotoShow version 3.0 Description PhotoShow 3.0 contains a remote code execution issue that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuratio...
elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder PHP Connector exiftran Command Injection', 'Description' = %q This module exploits a command injection vulnerability in elFinder version...
elFinder PHP Connector < 2.1.48 - exiftran Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is...
elFinder PHP Connector exiftran Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder PHP Connector exiftran Command Injection', 'Description' = %q This module exploits a command injection vulnerability in elFinder version...
elFinder PHP Connector exiftran Command Injection
This module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not...
elFinder Command Injection v<2.1.48
elFinder is an open-source file manager available as a web application. A command injection vulnerability in the image handling functionality exists for versions prior to 2.1.48. This exploit requires that the exiftran utility be installed. Recent assessments: space-r7 at May 09, 2019 5:57pm UTC...