Cs Gallery
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1412 | 0.06 | — | 0.40 | Apr 11, 2003 | Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script. | |||
| CVE-2008-4484 | 0.03 | — | 0.03 | Oct 8, 2008 | main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php. | |||
| CVE-2008-4483 | 0.03 | — | 0.02 | Oct 8, 2008 | Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | |||
| CVE-2007-1108 | 0.03 | — | 0.03 | Feb 26, 2007 | PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. | |||
| CVE-2005-3508 | 0.03 | — | 0.01 | Nov 6, 2005 | SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter. | |||
| CVE-2013-2241 | 0.00 | — | 0.02 | Oct 10, 2013 | modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter. | |||
| CVE-2013-2240 | 0.00 | — | 0.02 | Oct 10, 2013 | lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138. | |||
| CVE-2006-1696 | 0.00 | — | 0.01 | Apr 11, 2006 | Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
- CVE-2002-1412Apr 11, 2003risk 0.06cvss —epss 0.40
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
- CVE-2008-4484Oct 8, 2008risk 0.03cvss —epss 0.03
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
- CVE-2008-4483Oct 8, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
- CVE-2007-1108Feb 26, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.
- CVE-2005-3508Nov 6, 2005risk 0.03cvss —epss 0.01
SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter.
- CVE-2013-2241Oct 10, 2013risk 0.00cvss —epss 0.02
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.
- CVE-2013-2240Oct 10, 2013risk 0.00cvss —epss 0.02
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138.
- CVE-2006-1696Apr 11, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.