Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4166
The Contest Gallery WordPress plugin prior to 19.1.5.1, Contest Gallery Pro WordPress plugin prior to 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to le...
Contest-gallery Contest Gallery
NA
CVE-2022-36394
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
Contest-gallery Contest Gallery
668
VMScore
CVE-2002-2123
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote malicious users to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
Gallery Project Gallery 1.3.2
668
VMScore
CVE-2002-2130
publish_xp_docs.php in Gallery 1.3.2 allows remote malicious users to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
Gallery Project Gallery 1.3.2
445
VMScore
CVE-2005-0220
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote malicious users to inject arbitrary web script or HTML via the username field.
Gallery Project Gallery 1.4.4 Pl2
383
VMScore
CVE-2005-0221
Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote malicious users to inject arbitrary web script or HTML via the g2_form[subject] field.
Gallery Project Gallery 2.0 Alpha
445
VMScore
CVE-2005-0222
main.php in Gallery 2.0 Alpha allows remote malicious users to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.
Gallery Project Gallery 2.0 Alpha
578
VMScore
CVE-2006-6347
Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector.
Tft Gallery Tft Gallery
668
VMScore
CVE-2010-4815
Coppermine gallery prior to 1.4.26 has an input validation vulnerability that allows for code execution.
Coppermine-gallery Coppermine Gallery
NA
CVE-2022-45848
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress.
Contest-gallery Contest Gallery
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »