Vulnerabilities > Gallery Project > Gallery > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-22 | CVE-2012-4919 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gallery Project Gallery 1.4 Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability | 7.5 |
| 2004-12-31 | CVE-2004-1466 | Remote Server-Side Script Execution vulnerability in Gallery Project Gallery 1.4.4 The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root. | 7.5 |
| 2003-12-31 | CVE-2003-1227 | Code Injection vulnerability in Gallery Project Gallery 1.4/1.4Pl1 PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | 7.5 |
| 2003-04-11 | CVE-2002-1412 | Remote File Include vulnerability in Bharat Mediratta Gallery Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script. | 7.5 |
| 2002-12-31 | CVE-2002-2130 | Remote Code Execution vulnerability in Gallery Project Gallery 1.3.2 publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. | 7.5 |
| 2002-12-31 | CVE-2002-2123 | Remote Code Execution vulnerability in Gallery Project Gallery 1.3.2 PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter. | 7.5 |
| 2001-10-02 | CVE-2001-1234 | Remote Arbitrary Code Execution vulnerability in Gallery Project Gallery 1.1/1.2/1.2.1 Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable. | 7.5 |