Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery gallery vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2008-0505
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) prior to 1.4.15 allow remote malicious users to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
Coppermine Coppermine Photo Gallery 1.4.10
Coppermine Coppermine Photo Gallery 1.4.13
Coppermine Coppermine Photo Gallery
Coppermine Coppermine Photo Gallery 1.4.11
Coppermine Coppermine Photo Gallery 1.4.12
534
VMScore
CVE-2008-4338
SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL comm...
Vacilanda Brilliant Gallery 5
Vacilanda Brilliant Gallery 6
Vacilanda Brilliant Gallery
605
VMScore
CVE-2019-5974
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions before 10.4.5 allows remote malicious users to hijack the authentication of administrators via unspecified vectors.
Contest-gallery Contest Gallery
NA
CVE-2022-36394
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
Contest-gallery Contest Gallery
668
VMScore
CVE-2021-24915
The Contest Gallery WordPress plugin prior to 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform S...
Contest Gallery Contest Gallery
NA
CVE-2023-5307
The Photos and Files Contest Gallery WordPress plugin prior to 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.
Contest-gallery Contest Gallery
NA
CVE-2023-28784
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.
Contest-gallery Contest Gallery
NA
CVE-2022-4150
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users wit...
Contest-gallery Contest Gallery
NA
CVE-2022-4154
The Contest Gallery Pro WordPress plugin prior to 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges (i.e. on multisite WordPress configurations) ...
Contest-gallery Contest Gallery
NA
CVE-2022-4155
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privile...
Contest-gallery Contest Gallery
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »