CVE-2019-14467

Name of the Vulnerable Software and Affected Versions Social Photo Gallery plugin version 1.0

Description The issue allows remote code execution by creating an album and attaching a malicious PHP file in the cover photo album. This is possible because the file extension is not checked, enabling an attacker to execute arbitrary code.

Recommendations For Social Photo Gallery plugin version 1.0, consider disabling the album creation feature until a patch is available to prevent remote code execution. Restrict access to uploading files, especially PHP files, to minimize the risk of exploitation.