CVE-2016-1000123 – Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000123
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Vulnerabilidad de inyección SQL no autenticada en Huge-IT Video Gallery v1.0.9 para Joomla Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability. • https://www.exploit-db.com/exploits/42596 http://huge-it.com/joomla-video-gallery http://www.securityfocus.com/bid/93107 http://www.vapidlabs.com/advisory.php?v=169 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2016-1000113 – Joomla Huge IT Gallery 1.1.5 Cross Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000113
XSS and SQLi in huge IT gallery v1.1.5 for Joomla XSS y SQLi en galería huge IT v1.1.5 para Joomla. Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro http://www.securityfocus.com/bid/92102 http://www.vapidlabs.com/advisory.php?v=164 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2016-11018 – Huge-IT gallery-images <= 1.8.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-11018
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). Se detectó un problema en el plugin Huge-IT gallery-images versiones anteriores a 1.9.0 para WordPress. • http://10degres.net/cve-2016-11018-image-gallery-sql-injection https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.8.9 https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.9.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-7153 – Image Gallery - Responsive Photo Gallery <= 1.0.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-7153
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. Vulnerabilidad de inyección SQL en la función editgallery en admin/gallery_func.php en el plugin Huge-IT Image Gallery 1.0.1 para WordPress permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro removeslide en wp-admin/admin.php. SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin <= 1.0.7 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. • https://www.exploit-db.com/exploits/34524 http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •