PT-2024-35792 · Unknown · Librephotos

Ii5Mai1 · Published 2024-11-29 · Updated 2024-12-02 · CVE-2024-53617 · CVSS v3.1 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: LibrePhotos, all versions prior to commit 32237
Description: A stored cross-site scripting (XSS) issue, combined with an insecure direct object reference (IDOR) in the file upload function, allows an authenticated attacker to take over any account. The upload endpoint does not bind the uploaded file to the requesting user, so the attacker can upload an HTML file on behalf of the admin user; when that file is opened from the application's origin, the attacker's script runs in the victim's session and can act as that account.
Recommendations: Update to a version of LibrePhotos that includes the fix introduced in commit 32237. Until the update is applied, restrict or disable the file upload feature as a temporary workaround, since it is the entry point for this attack.
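The following is an added illustration, not LibrePhotos code: a framework-neutral Python model of an image-upload handler showing the two defects the description names (owner taken from a client-supplied field, and HTML accepted as content) next to a hardened handler that binds ownership to the session user, rejects markup by inspecting the bytes rather than the extension or Content-Type, and serves stored files with headers that keep them from executing in the application origin. All names (Upload, hardened_handle_upload, download_headers, the user ids) and the sample inputs are hypothetical and constructed for the example.

```python
"""Hardening an upload endpoint against the two defects in the advisory.
Added illustration only (hypothetical names, not LibrePhotos code):
  1. IDOR: the vulnerable handler trusts a client-supplied owner id, so a
     file can be stored on behalf of another account (the admin).
  2. Stored XSS: an HTML file is accepted and later served inline from the
     application origin, so its script runs in the viewing user's session.
"""
import re
from dataclasses import dataclass

ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp"}
# Magic-number prefixes of accepted formats; the extension alone is not trusted.
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
# Active-content markers a browser would render if the file were served inline.
_HTML_MARKER = re.compile(rb"<\s*(!doctype\s+html|html|script|svg|iframe|body)\b", re.I)


@dataclass(frozen=True)
class Upload:
    owner_id: int
    filename: str
    content: bytes


class UploadRejected(Exception):
    pass


def vulnerable_handle_upload(session_user_id, form_user_id, filename, content):
    """Before-fix behaviour: owner comes from the request body (IDOR) and the
    content is stored unchecked (stored XSS once it is served inline)."""
    return Upload(owner_id=form_user_id, filename=filename, content=content)


def sniff_kind(content):
    """Return the image kind identified by magic bytes, or None."""
    for magic, kind in MAGIC.items():
        if content.startswith(magic):
            return kind
    if content.startswith(b"RIFF") and content[8:12] == b"WEBP":
        return "webp"
    return None


def hardened_handle_upload(session_user_id, form_user_id, filename, content):
    # 1. Ownership is bound to the authenticated session, never to a form field.
    #    form_user_id stays in the signature only to show that it is ignored.
    del form_user_id
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    # 2. Reject markup regardless of extension or client Content-Type. This also
    #    refuses images carrying HTML in their metadata, which is acceptable here.
    if _HTML_MARKER.search(content[:4096]):
        raise UploadRejected("HTML/SVG markup in upload body")
    if sniff_kind(content) is None:
        raise UploadRejected("content does not match a supported image format")
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return Upload(owner_id=session_user_id, filename=safe_name, content=content)


def download_headers(upload):
    """Serve stored files so that even a mis-stored file cannot execute in the
    application origin: no sniffing, forced download, sandboxed if rendered."""
    return {
        "Content-Type": "application/octet-stream",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{upload.filename}"',
        "Content-Security-Policy": "sandbox",
    }


def _outcome(handler, *args):
    try:
        handler(*args)
        return "stored"
    except UploadRejected:
        return "rejected"


def demo():
    """The advisory's scenario with constructed inputs: attacker (id 7) uploads
    an HTML payload while naming the admin (id 1) as the owner."""
    attacker, admin = 7, 1
    html = b"<!DOCTYPE html><html><body><script>/* attacker script */</script></body></html>"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed PNG header only
    return {
        "vulnerable_owner": vulnerable_handle_upload(attacker, admin, "payload.html", html).owner_id,
        "hardened_html": _outcome(hardened_handle_upload, attacker, admin, "payload.html", html),
        "hardened_html_as_png": _outcome(hardened_handle_upload, attacker, admin, "payload.png", html),
        "hardened_png_owner": hardened_handle_upload(attacker, admin, "cat.png", png).owner_id,
    }


if __name__ == "__main__":
    print(demo())
```

The ownership check is the part that closes the IDOR: the hardened handler never reads an owner id from the request at all, so there is nothing for the attacker to tamper with. The content checks and the download headers are defence in depth, since a file that is both owned by the attacker and served as an attachment with nosniff cannot run script in the victim's origin even if a future format is mishandled.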

Exploit · Fix

Tags: IDOR · XSS

Weakness Enumeration

Related Identifiers: CVE-2024-53617

Affected Products: Librephotos