Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery gallery vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-4159
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_id POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to ...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4160
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_copy_id POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with a...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4162
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in 3_row-order.php. This may allow malicious users with at least author privilege to leak...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4163
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to an SQL query in 2_deactivate.php and 4_activate.php, respectively. This may al...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4165
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4166
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to le...
Contest-gallery Contest Gallery
9.8
CVSSv3
CVE-2010-4815
Coppermine gallery prior to 1.4.26 has an input validation vulnerability that allows for code execution.
Coppermine-gallery Coppermine Gallery
NA
CVE-2002-2123
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote malicious users to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
Gallery Project Gallery 1.3.2
NA
CVE-2002-2130
publish_xp_docs.php in Gallery 1.3.2 allows remote malicious users to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
Gallery Project Gallery 1.3.2
NA
CVE-2006-1126
Gallery 2 up to 2.0.2 allows remote malicious users to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
Gallery Project Gallery 2.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »