Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-5599
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.
Powerplay Gallery Project Powerplay Gallery 3.3
7.5
CVSSv2
CVE-2015-5681
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/bi...
Wpslideshow Powerplay Gallery 3.3
7.5
CVSSv2
CVE-2015-4133
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin prior to 3.1.4 for WordPress allows remote malicious users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to t...
Reflex Gallery Project Reflex Gallery
1 EDB exploit
7.5
CVSSv2
CVE-2015-2065
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin prior to 2.8 for WordPress allows remote malicious users to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
Apptha Wordpress Video Gallery
1 EDB exploit
7.5
CVSSv2
CVE-2015-1055
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote malicious users to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.
10web Photo Gallery 1.2.7
7.5
CVSSv2
CVE-2014-9097
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed prior to 2014-07-23, for WordPress allow (1) remote malicious users to execute arbitrary SQL commands via the vid parameter in a myextract actio...
Apptha Contus Video Gallery 2.5
2 EDB exploits
7.5
CVSSv2
CVE-2014-6289
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension prior to 3.0.1 and Tools for Extbase development (pt_extbase) extension prior to 1.5.1 allows remote malicious users to bypass access restrictions and execute arbitrary controller actions via unspecified v...
Daniel Lienert Yet Another Gallery
Michael Knoll Tools For Extbase Developmen
7.5
CVSSv2
CVE-2014-5201
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
Gallery Objects Project Gallery Objects 0.4
1 EDB exploit
7.5
CVSSv2
CVE-2012-6653
Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin prior to 1.2.0 for WordPress has unspecified impact and attack vectors.
All Video Gallery Plugin Project All Video Gallery Plugin 1.0.0
All Video Gallery Plugin Project All Video Gallery Plugin
1 EDB exploit
7.5
CVSSv2
CVE-2014-4960
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x up to and including 4.1.7, and possibly 3.x, for Joomla! allow remote malicious users to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter t...
Joomlaboat Com Youtubegallery 4.1.4
Joomlaboat Com Youtubegallery 4.1.3
Joomlaboat Com Youtubegallery 4.1.2
Joomlaboat Com Youtubegallery 4.1.1
Joomlaboat Com Youtubegallery 3.9.2
Joomlaboat Com Youtubegallery 3.9.0
Joomlaboat Com Youtubegallery 4.0.0
Joomlaboat Com Youtubegallery 3.9.9
Joomlaboat Com Youtubegallery 3.9.8
Joomlaboat Com Youtubegallery 3.9.7
Joomlaboat Com Youtubegallery 4.1.7
Joomlaboat Com Youtubegallery 4.1.5
Joomlaboat Com Youtubegallery 4.1.0
Joomlaboat Com Youtubegallery 4.0.8
Joomlaboat Com Youtubegallery 4.0.1
Joomlaboat Com Youtubegallery 3.9.6
Joomlaboat Com Youtubegallery 3.9.4
Joomlaboat Com Youtubegallery 4.1.6
Joomlaboat Com Youtubegallery 4.0.9
Joomlaboat Com Youtubegallery 4.0.2
Joomlaboat Com Youtubegallery 3.9.5
Joomlaboat Com Youtubegallery 3.9.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »