CVE-2026-24381

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PhotoMe versions prior to 5.7.2

Description A Server-Side Request Forgery (SSRF) vulnerability exists in ThemeGoods PhotoMe. This allows for Server Side Request Forgery. The vulnerability allows an attacker to make requests on behalf of the server, potentially accessing internal resources or performing actions with the server's privileges.

Recommendations Update PhotoMe to version 5.7.2 or later.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-24381

Affected Products

Photome

CVE-2026-24381

Weakness Enumeration

Related Identifiers

Affected Products

References · 3