DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-31 | CVE-2008-6567 | Cross-Site Scripting vulnerability in Gallarific: Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via (1) the e-mail address, (2) a comment, which is not properly handled during moderation, and (3) the tag parameter to gallery/tags.php. | 4.3 |
2008-03-24 | CVE-2008-1469 | Improper Authentication vulnerability in Gallarific 1.1: Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. | 6.4 |
2008-03-24 | CVE-2008-1464 | SQL Injection vulnerability in Gallarific 1.1: Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. | 7.5 |
2008-03-13 | CVE-2008-1326 | Cross-Site Scripting vulnerability in Gallarific: Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |