VYPR
Vendor

Cs Gallery

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2002-1412Apr 11, 2003
    risk 0.06cvss epss 0.40

    Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.

  • CVE-2008-4484Oct 8, 2008
    risk 0.03cvss epss 0.03

    main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.

  • CVE-2008-4483Oct 8, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.

  • CVE-2007-1108Feb 26, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.

  • CVE-2005-3508Nov 6, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter.

  • CVE-2013-2241Oct 10, 2013
    risk 0.00cvss epss 0.02

    modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.

  • CVE-2013-2240Oct 10, 2013
    risk 0.00cvss epss 0.02

    lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138.

  • CVE-2006-1696Apr 11, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.