CVSS: 5.0EPSS: 7%CPEs: 5EXPL: 1CVE-2004-2124 – Gallery 1.3.x/1.4 - Remote Global Variable Injection
https://notcve.org/view.php?id=CVE-2004-2124
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. • https://www.exploit-db.com/exploits/23599 http://gallery.menalto.com/modules.php?op=modload&name=News&file=index http://marc.info/?l=bugtraq&m=107524414317693&w=2 http://secunia.com/advisories/10712 http://www.gentoo.org/security/en/glsa/glsa-200402-04.xml http://www.osvdb.org/3737 http://www.securityfocus.com/bid/9490 https://exchange.xforce.ibmcloud.com/vulnerabilities/14950 •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1CVE-2003-0614 – Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0614
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. Vulnerabilidad en sitios cruzados en search.php de Gallery 1.1 a 1.3.4 permite a atacantes remotos insertar script web mediante el parámetro searchstring • https://www.exploit-db.com/exploits/22961 http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0 http://marc.info/?l=bugtraq&m=106252092421469&w=2 http://www.debian.org/security/2003/dsa-355 http://www.securityfocus.com/archive/1/330676 http://www.securityfocus.com/archive/1/348641/30/21790/threaded •