Vulnerabilities > Gallarific
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-01-20 | CVE-2011-0519 | SQL Injection vulnerability in Gallarific PHP Photo Gallery Script 2.1 | SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-03-31 | CVE-2008-6567 | Cross-Site Scripting vulnerability in Gallarific | Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via (1) the e-mail address, (2) a comment, which is not properly handled during moderation, and (3) the tag parameter to gallery/tags.php. | 4.3 |
2008-03-24 | CVE-2008-1469 | Improper Authentication vulnerability in Gallarific 1.1 | Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. | 6.4 |
2008-03-24 | CVE-2008-1464 | SQL Injection vulnerability in Gallarific 1.1 | Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. | 7.5 |
2008-03-13 | CVE-2008-1326 | Cross-Site Scripting vulnerability in Gallarific | Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |