Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24915
The Contest Gallery WordPress plugin prior to 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform S...
Contest Gallery Contest Gallery
9.8
CVSSv3
CVE-2021-40814
The Customer Photo Gallery addon prior to 2.9.4 for PrestaShop is vulnerable to SQL injection.
Mypresta Customer Photo Gallery
9.8
CVSSv3
CVE-2021-38753
An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app.
Simple Image Gallery Web App Project Simple Image Gallery Web App -
9.8
CVSSv3
CVE-2021-24139
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions prior to 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
10web Photo Gallery
1 Github repository
9.8
CVSSv3
CVE-2013-3684
NextGEN Gallery plugin prior to 1.9.13 for WordPress: ngggallery.php file upload
Imagely Nextgen Gallery
1 EDB exploit
9.8
CVSSv3
CVE-2010-4815
Coppermine gallery prior to 1.4.26 has an input validation vulnerability that allows for code execution.
Coppermine-gallery Coppermine Gallery
9.8
CVSSv3
CVE-2012-4919
Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability
Gallery Project Gallery 1.4
9.8
CVSSv3
CVE-2016-11018
An issue exists in the Huge-IT gallery-images plugin prior to 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().
Huge-it Image Gallery
9.8
CVSSv3
CVE-2019-16119
SQL injection in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
10web Photo Gallery
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2019-14314
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin prior to 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display...
Imagely Nextgen Gallery
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »