Thibaud-Rohmer: >> Photoshow Security Vulnerabilities
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a crafted video upload process.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-12-22