VYPR

Simple Image Gallery

by Simple Image Gallery

CVEs (8)

  • CVE-2023-27040CriMar 16, 2023
    risk 0.64cvss 9.8epss 0.02

    Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter.

  • CVE-2021-38819HigNov 17, 2022
    risk 0.57cvss 8.8epss 0.01

    A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through "id" parameter on the album page.

  • CVE-2023-1416MedMar 15, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability classified as critical has been found in Simple Art Gallery 1.0. Affected is an unknown function of the file adminHome.php. The manipulation of the argument social_facebook leads to sql injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2023-1415MedMar 15, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-223126 is the…

  • CVE-2021-39313MedDec 14, 2021
    risk 0.40cvss 6.1epss 0.01

    The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.

  • CVE-2007-4127Aug 1, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties,…

  • CVE-2008-2675Jun 12, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-1698Apr 8, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gallery 2.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third…