Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0505
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) prior to 1.4.15 allow remote malicious users to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
Coppermine Coppermine Photo Gallery 1.4.10
Coppermine Coppermine Photo Gallery 1.4.13
Coppermine Coppermine Photo Gallery
Coppermine Coppermine Photo Gallery 1.4.11
Coppermine Coppermine Photo Gallery 1.4.12
9.8
CVSSv3
CVE-2010-4815
Coppermine gallery prior to 1.4.26 has an input validation vulnerability that allows for code execution.
Coppermine-gallery Coppermine Gallery
9.8
CVSSv3
CVE-2021-24915
The Contest Gallery WordPress plugin prior to 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform S...
Contest Gallery Contest Gallery
NA
CVE-2007-1108
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.
Cs-gallery Cs-gallery
1 EDB exploit
6.5
CVSSv3
CVE-2022-4162
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in 3_row-order.php. This may allow malicious users with at least author privilege to leak...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4164
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_multiple_files_for_post POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4165
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with...
Contest-gallery Contest Gallery
6.5
CVSSv3
CVE-2022-4166
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to le...
Contest-gallery Contest Gallery
NA
CVE-2006-6347
Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector.
Tft Gallery Tft Gallery
NA
CVE-2005-0219
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote malicious users to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_...
Gallery Project Gallery 1.3.4 Pl1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »