CVSS: 9.8 • EPSS: 3% • CPEs: 1 • EXPL: 1

Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter. • https://www.exploit-db.com/exploits/50214 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

A SQL injection vulnerability exists in the Simple Image Gallery System 1.0 application through the "id" parameter on the album page. • https://github.com/m4sk0ff/CVE-2021-38819 • https://github.com/m4sk0ff/CVE-2021-38819/blob/main/CVE-2021-38819.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An unrestricted file upload in the Simple Image Gallery Web App can be exploited to upload a web shell, which can then be executed to gain unauthorized access to the server hosting the web app. • https://github.com/dumpling-soup/Simple-Image-Gallery-Web-App/blob/main/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type