Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery gallery vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0505
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) prior to 1.4.15 allow remote malicious users to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
Coppermine Coppermine Photo Gallery
Coppermine Coppermine Photo Gallery 1.4.11
Coppermine Coppermine Photo Gallery 1.4.12
Coppermine Coppermine Photo Gallery 1.4.13
Coppermine Coppermine Photo Gallery 1.4.10
NA
CVE-2006-2976
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery prior to 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.
Coppermine Coppermine Photo Gallery 1.4.2
Coppermine Coppermine Photo Gallery 1.4.5
Coppermine Coppermine Photo Gallery 1.4.6
Coppermine Coppermine Photo Gallery 1.4.3
Coppermine Coppermine Photo Gallery 1.4.4
Coppermine Coppermine Photo Gallery 1.4 Beta
NA
CVE-2008-4338
SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL comm...
Vacilanda Brilliant Gallery 5
Vacilanda Brilliant Gallery 6
Vacilanda Brilliant Gallery
NA
CVE-2005-1172
Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote malicious users to inject arbitrary web script or HTML via the X-Forwarded-For parameter.
Coppermine Coppermine Photo Gallery 1.1 Beta 2
Coppermine Coppermine Photo Gallery 1.2
Coppermine Coppermine Photo Gallery 1.0 Rc3
Coppermine Coppermine Photo Gallery 1.2.2 B
Coppermine Coppermine Photo Gallery 1.2.1
Coppermine Coppermine Photo Gallery 1.3
Coppermine Coppermine Photo Gallery 1.1 .0
8.8
CVSSv3
CVE-2022-36394
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
Contest-gallery Contest Gallery
6.1
CVSSv3
CVE-2023-5307
The Photos and Files Contest Gallery WordPress plugin prior to 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.
Contest-gallery Contest Gallery
NA
CVE-2006-1126
Gallery 2 up to 2.0.2 allows remote malicious users to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
Gallery Project Gallery 2.0.2
6.5
CVSSv3
CVE-2022-4159
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_id POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to ...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4162
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in 3_row-order.php. This may allow malicious users with at least author privilege to leak...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4163
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to an SQL query in 2_deactivate.php and 4_activate.php, respectively. This may al...
Contest-gallery Contest Gallery
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »