Phpwebgallery

Phpwebgallery

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2008-4702

  • EPSS 3.3%
  • Veröffentlicht 22.10.2008 22:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the us...

9

CVE-2008-4645

  • EPSS 2.19%
  • Veröffentlicht 22.10.2008 00:11:50
  • Zuletzt bearbeitet 09.04.2025 00:30:58

plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.

4.3

CVE-2008-4591

  • EPSS 3.13%
  • Veröffentlicht 16.10.2008 18:00:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.

4

CVE-2008-3451

  • EPSS 0.34%
  • Veröffentlicht 04.08.2008 19:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.

4.3

CVE-2007-5012

  • EPSS 0.29%
  • Veröffentlicht 20.09.2007 21:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. NOTE: the provenance of this information is un...

4.3

CVE-2007-1109

  • EPSS 0.57%
  • Veröffentlicht 26.02.2007 17:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, ...

4.3

CVE-2006-3476

Exploit
  • EPSS 0.7%
  • Veröffentlicht 10.07.2006 20:05:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

5

CVE-2006-2041

  • EPSS 0.35%
  • Veröffentlicht 26.04.2006 18:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party info...

2.6

CVE-2006-1674

Exploit
  • EPSS 0.35%
  • Veröffentlicht 10.04.2006 19:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675.

2.6

CVE-2006-1675

Exploit
  • EPSS 0.56%
  • Veröffentlicht 10.04.2006 19:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata...