CVE-2004-1466
- EPSS 5.23%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:07:45
The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary script...
- EPSS 2.83%
- Veröffentlicht 06.08.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:05:48
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
CVE-2003-1227
- EPSS 6.66%
- Veröffentlicht 31.12.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:03:45
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vul...
CVE-2003-0614
- EPSS 3.94%
- Veröffentlicht 27.08.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:31
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
CVE-2002-1412
- EPSS 39.5%
- Veröffentlicht 11.04.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:16
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
CVE-2002-2130
- EPSS 1.59%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:42
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
CVE-2002-2123
- EPSS 2.36%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:41
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
CVE-2001-1234
- EPSS 3.5%
- Veröffentlicht 02.10.2001 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:55:51
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.