CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 2CVE-2020-28687 – Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
https://notcve.org/view.php?id=CVE-2020-28687
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. La funcionalidad edit profile en ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT AND MYSQL versión 1.0, permite a atacantes remotos cargar archivos • https://www.exploit-db.com/exploits/49167 https://code-projects.org/artworks-gallery-in-php-css-javascript-and-mysql-free-download https://packetstormsecurity.com/files/160095/Artworks-Gallery-1.0-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 2CVE-2020-28688 – Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork
https://notcve.org/view.php?id=CVE-2020-28688
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. La funcionalidad add artwork en ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT AND MYSQL versión 1.0, permite a atacantes remotos cargar archivos Artworks Gallery version 1.0 suffers from multiple remote shell upload vulnerabilities. • https://www.exploit-db.com/exploits/49166 https://code-projects.org/artworks-gallery-in-php-css-javascript-and-mysql-free-download https://packetstormsecurity.com/files/160095/Artworks-Gallery-1.0-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2010-4815
https://notcve.org/view.php?id=CVE-2010-4815
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. La galería Coppermine versiones anteriores a 1.4.26, presenta una vulnerabilidad de comprobación de entrada que permite una ejecución de código. • https://forum.coppermine-gallery.net/index.php/topic%2C63510.0.html https://seclists.org/oss-sec/2010/q1/121 https://www.openwall.com/lists/oss-security/2011/08/19/7 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7482 – ReFlex Gallery < 1.4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7482
The reflex-gallery plugin before 1.4.3 for WordPress has XSS. El plugin reflex-gallery anterior a 1.4.3 para WordPress tiene XSS. The reflex-gallery plugin before 1.4.3 for WordPress has XSS via Edit Content URL field. • https://wordpress.org/plugins/reflex-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5974 – Contest Gallery – Photo Contest Plugin for WordPress <= 10.4.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-5974
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Contest Gallery versiones anteriores a 10.4.5, permite a los atacantes remotos secuestrar la autenticación de administradores por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN80925867/index.html https://wordpress.org/plugins/contest-gallery https://wpvulndb.com/vulnerabilities/9436 • CWE-352: Cross-Site Request Forgery (CSRF) •