Filtered by vendor Lycheeorg
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25807 | 1 Lycheeorg | 1 Lychee | 2025-05-28 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. | |||||
| CVE-2024-25808 | 1 Lycheeorg | 1 Lychee | 2025-05-28 | N/A | 8.3 HIGH |
| Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function. | |||||
| CVE-2023-52082 | 1 Lycheeorg | 1 Lychee | 2024-11-21 | N/A | 8.8 HIGH |
| Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The defaults settings of Lychee are safe. The patch is provided on version 5.0.2. To work around this issue, disable SQL EXPLAIN logging. | |||||
| CVE-2021-43675 | 1 Lycheeorg | 1 Lychee | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user. | |||||