LSCP Responsible Disclosure Lab

1 exploit Active since Dec 2025
CVE-2023-53981 EXPLOITDB HIGH python WORKING POC
PhotoShow 3.0 - Authenticated Remote Code Execution via Exiftran Path Injection
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a crafted video upload process.
CVSS 7.2