Vulnerabilities > Uapplication > Uphotogallery > 1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-07 | CVE-2007-0815 | HTML Injection vulnerability in Uapplication Uphotogallery 1.1 Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. network uapplication | 4.3 |
2006-12-04 | CVE-2006-6247 | SQL Injection vulnerability in Uapplication Uphotogallery 1.1 Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp. | 7.5 |