Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery gallery vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2006-1126
Gallery 2 up to 2.0.2 allows remote malicious users to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
Gallery Project Gallery 2.0.2
7.5
CVSSv2
CVE-2010-4815
Coppermine gallery prior to 1.4.26 has an input validation vulnerability that allows for code execution.
Coppermine-gallery Coppermine Gallery
NA
CVE-2022-4154
The Contest Gallery Pro WordPress plugin prior to 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges (i.e. on multisite WordPress configurations) ...
Contest-gallery Contest Gallery
NA
CVE-2022-4155
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privile...
Contest-gallery Contest Gallery
NA
CVE-2022-4159
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_id POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to ...
Contest-gallery Contest Gallery
NA
CVE-2022-4160
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_copy_id POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with a...
Contest-gallery Contest Gallery
NA
CVE-2022-4163
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to an SQL query in 2_deactivate.php and 4_activate.php, respectively. This may al...
Contest-gallery Contest Gallery
NA
CVE-2022-4165
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with...
Contest-gallery Contest Gallery
NA
CVE-2022-4166
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to le...
Contest-gallery Contest Gallery
4.3
CVSSv2
CVE-2005-0219
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote malicious users to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_...
Gallery Project Gallery 1.3.4 Pl1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »