CVE-2024-37442 | THREATINT

Description

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1.

PUBLISHED Reserved 2024-06-09 | Published 2024-07-09 | Updated 2024-08-02 | Assigner Patchstack

LOW: 3.8CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Problem types

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Product status

Default status

unaffected

Any version before 5.7.1

affected

Credits

Ibnu Ubaeydillah (Patchstack Alliance) finder

References

patchstack.com/...7-1-html-injection-vulnerability?_s_id=cve vdb-entry

cve.org (CVE-2024-37442)

nvd.nist.gov (CVE-2024-37442)

Download JSON