Vendor: Folder Gallery
By: ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs TeAm}>>
CVSS: 7.5 (HIGH)
Remote Code Execution
CWE: Not mentioned
Product Name: Folder Gallery
Affected Version From: JV2 Folder Gallery 3.0.2
Affected Version To: Not mentioned
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Platforms Tested: Not mentioned
2007
Folder Gallery Remote Code Execution
The vulnerability allows remote attackers to execute arbitrary code on the target system by injecting a malicious shell command through the 'galleryfilesdir' parameter in the template.php file of JV2 Folder Gallery. This can be exploited to gain unauthorized access to the system or perform other malicious activities.
Mitigation:
Update to the latest version of JV2 Folder Gallery or apply any patches or security updates provided by the vendor. Remove any unnecessary or unused functionality from the application to reduce the attack surface.