Vulnerabilities > Phpwebgallery
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-22 | CVE-2008-4702 | Path Traversal vulnerability in PHPwebgallery 1.3.4 Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2008-10-22 | CVE-2008-4645 | Code Injection vulnerability in PHPwebgallery plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function. | 9.0 |
| 2008-10-16 | CVE-2008-4591 | Cross-Site Scripting vulnerability in PHPwebgallery 1.3.4 Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters. | 4.3 |
| 2008-08-04 | CVE-2008-3451 | Information Exposure vulnerability in PHPwebgallery 1.7.0/1.7.1 PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | 4.0 |
| 2007-09-20 | CVE-2007-5012 | Cross-Site Scripting vulnerability in PHPwebgallery 1.7.0 Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. | 4.3 |
| 2007-02-26 | CVE-2007-1109 | Cross-Site Scripting vulnerability in PHPwebgallery Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. | 4.3 |
| 2006-07-10 | CVE-2006-3476 | Cross-Site Scripting vulnerability in PHPWebGallery Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. network phpwebgallery | 4.3 |
| 2006-04-26 | CVE-2006-2041 | Remote Security vulnerability in PHPwebgallery 1.0/1.4.1/1.5.1 PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. | 5.0 |
| 2006-04-10 | CVE-2006-1675 | Cross-Site Scripting vulnerability in PHPwebgallery 1.4.1 Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674. | 2.6 |
| 2006-04-10 | CVE-2006-1674 | Cross-Site Scripting vulnerability in PHPwebgallery 1.4.1 Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675. | 2.6 |