Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpwebgallery phpwebgallery 1.4.1 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-2041
PhpWebGallery prior to 1.6.0RC1 allows remote malicious users to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Phpwebgallery Phpwebgallery 1.5.1
Phpwebgallery Phpwebgallery 1.0
Phpwebgallery Phpwebgallery 1.4.1
4.3
CVSSv2
CVE-2006-3476
Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and previous versions, and possibly 1.6.0, allows remote malicious users to inject arbitrary web script or HTML via the keyword parameter.
Phpwebgallery Phpwebgallery 1.4.1
Phpwebgallery Phpwebgallery 1.5.1
Phpwebgallery Phpwebgallery 1.5.2
Phpwebgallery Phpwebgallery 1.6
Phpwebgallery Phpwebgallery 1.0
Phpwebgallery Phpwebgallery 1.1
1 EDB exploit
7.5
CVSSv2
CVE-2005-4228
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) im...
Phpwebgallery Phpwebgallery 1.0
Phpwebgallery Phpwebgallery 1.5.0
Phpwebgallery Phpwebgallery 1.6.0
Phpwebgallery Phpwebgallery 1.7.0
Phpwebgallery Phpwebgallery 1.1
Phpwebgallery Phpwebgallery 1.3.1
Phpwebgallery Phpwebgallery
Phpwebgallery Phpwebgallery 1.6.1
Phpwebgallery Phpwebgallery 1.7.1
Phpwebgallery Phpwebgallery 1.6
Phpwebgallery Phpwebgallery 1.5.2
Phpwebgallery Phpwebgallery 1.3.2
Phpwebgallery Phpwebgallery 1.3.0
Phpwebgallery Phpwebgallery 1.3.4
Phpwebgallery Phpwebgallery 1.3.3
Phpwebgallery Phpwebgallery 1.2.1
Phpwebgallery Phpwebgallery 1.4.0
Phpwebgallery Phpwebgallery 1.6.2
Phpwebgallery Phpwebgallery 1.5.1
Phpwebgallery Phpwebgallery 1.4.1
3 EDB exploits
9
CVSSv2
CVE-2008-4645
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and previous versions allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
Phpwebgallery Phpwebgallery 1.4.1
Phpwebgallery Phpwebgallery 1.1
Phpwebgallery Phpwebgallery 1.5.0
Phpwebgallery Phpwebgallery 1.6.0
Phpwebgallery Phpwebgallery 1.6.2
Phpwebgallery Phpwebgallery 1.3.4
Phpwebgallery Phpwebgallery 1.6.1
Phpwebgallery Phpwebgallery 1.3.2
Phpwebgallery Phpwebgallery 1.3.3
Phpwebgallery Phpwebgallery 1.5.2
Phpwebgallery Phpwebgallery 1.5.1
Phpwebgallery Phpwebgallery 1.3.0
Phpwebgallery Phpwebgallery 1.4.0
Phpwebgallery Phpwebgallery 1.7.0
Phpwebgallery Phpwebgallery 1.0
Phpwebgallery Phpwebgallery 1.2.1
Phpwebgallery Phpwebgallery 1.3.1
Phpwebgallery Phpwebgallery
Phpwebgallery Phpwebgallery 1.7.1
1 EDB exploit
7.5
CVSSv2
CVE-2006-1600
SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote malicious users to execute arbitrary SQL commands via the search parameter.
Phpwebgallery Phpwebgallery 1.4.1
2.6
CVSSv2
CVE-2006-1675
Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start paramete...
Phpwebgallery Phpwebgallery 1.4.1
2 EDB exploits
2.6
CVSSv2
CVE-2006-1674
Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote malicious users to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675.
Phpwebgallery Phpwebgallery 1.4.1
4.3
CVSSv2
CVE-2007-1109
Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) dat...
Phpwebgallery Phpwebgallery
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started