CNNVD-202512-3913 Information

CNNVD ID

CNNVD-202512-3913

Related CVE

CVE-2023-53981

• CNNVD Published: 2025-12-22

Description (Chinese)

PhotoShow是Thibaud Rohmer个人开发者的一个免费的PHP网页库。 PhotoShow 3.0版本存在操作系统命令注入漏洞，该漏洞源于允许经过身份验证的管理员通过exiftran路径配置注入恶意命令。

Description (English)

PhotoShow is a free PHP web site for Thibaud Rohmer personal developers. Version 3.0 of PhotoShow contains a loophole in the operating system command, which results from allowing a certified administrator to inject a malicious command through the exiftran path configuration.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

个人开发者

Published

2025-12-22

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/51236 https://www.vulncheck.com/advisories/photoshow-remote-code-execution-via-exiftran-path-injection https://lscp.llc/index.php/2021/07/19/how-white-box-hacking-works-remote-code-execution-and-stored-xss-in-photoshow-3-0/ https://github.com/thibaud-rohmer/PhotoShow https://access.redhat.com/security/cve/cve-2023-53981