Vulmon
gallery project vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-34257
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
Wpanel Cms Project Wpanel Cms
8.8
CVSSv3
CVE-2020-28687
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote malicious users to upload arbitrary files.
Artworks Gallery In Php, Css, Javascript, And Mysql Project Artworks Gallery In Php, Css, Javascript, And Mysql 1.0
8.8
CVSSv3
CVE-2020-28688
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote malicious users to upload arbitrary files.
Artworks Gallery In Php, Css, Javascript, And Mysql Project Artworks Gallery In Php, Css, Javascript, And Mysql 1.0
7.6
CVSSv3
CVE-2020-15135
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Dou...
Save-server Project Save-server
7.5
CVSSv3
CVE-2015-9483
The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote malicious users to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_...
Invento / Architecture Building Agency Template Project Invento / Architecture Building Agency Template
7.5
CVSSv3
CVE-2015-5682
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote malicious users to create arbitrary directories via vectors related to the targetDir variable.
Powerplay Gallery Project Powerplay Gallery 3.3
7.5
CVSSv3
CVE-2015-1000007
Remote file download vulnerability in wptf-image-gallery v1.03
Wptf-image-gallery Project Wptf-image-gallery 1.03
7.2
CVSSv3
CVE-2016-10940
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
Zm-gallery Project Zm-gallery 1.0
6.1
CVSSv3
CVE-2014-125096
A vulnerability was found in Fancy Gallery Plugin 1.5.12 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The ...
Fancy Gallery Project Fancy Gallery
6.1
CVSSv3
CVE-2023-23161
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
Phpgurukul Art Gallery Management System 1.0