CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12977 – Photo Gallery by 10Web <= 1.3.50 - Authenticated SQL Injection via tag_id Parameter
https://notcve.org/view.php?id=CVE-2017-12977
20 Aug 2017 — The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. El plugin "Photo Gallery by WD - Responsive Photo Gallery" de Web-Dorado en su versión 1.3.51 para WordPress tiene una vulnerabilidad de inyección SQL que afecta a bwg_edit_tag() en photo-gallery.php y a edi... • https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10918 – Photo Gallery by Supsystic <= 1.8.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-10918
15 Aug 2016 — The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. El plugin gallery-by-supsystic versiones anteriores a 1.8.6 para WordPress, presenta una vulnerabilidad de tipo CSRF. The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5. This is due to missing or incorrect nonce validation on the 'updateAttachment' action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged req... • https://wordpress.org/plugins/gallery-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10921 – Photo Gallery by Ays – Responsive Image Gallery < 1.0.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-10921
11 Jul 2016 — The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. El plugin gallery-photo-gallery versiones anteriores a 1.0.1 para WordPress, presenta una inyección SQL. The Photo Gallery by Ays – Responsive Image Gallery plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for attackers to append additi... • https://wordpress.org/plugins/gallery-photo-gallery/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2324 – Photo Gallery by 10Web <= 1.2.12 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2324
13 Mar 2015 — Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en filemanager en las versiones anteriores a la 1.2.13 del plugin Photo Gallery para WordPress permite que los usuarios autenticados remotos con permiso de edición inyecten scripts web o HTML arbitrarios mediante vectores no especifica... • https://fortiguard.com/zeroday/FG-VD-15-009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1394 – Photo Gallery by 10Web <= 1.2.10 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-1394
28 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el plugin Photo Gallery versiones anteriores a 1.2.11 para Wo... • https://packetstorm.news/files/id/130149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 76%CPEs: 1EXPL: 5CVE-2014-9312 – Photo Gallery by 10Web <= 1.2.5 - Unrestricted File Upload
https://notcve.org/view.php?id=CVE-2014-9312
26 Jan 2015 — Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. Existe una vulnerabilidad de subida de archivos sin restricciones en Photo Gallery 1.2.5. Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post() method in UploadHandler.php • https://packetstorm.news/files/id/130104 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1393 – Photo Gallery by 10Web <= 1.2.10 - Authenticated SQL Injection via asc_or_desc Parameter
https://notcve.org/view.php?id=CVE-2015-1393
23 Jan 2015 — SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php. Vulnerabilidad de inyección SQL en el plugin Photo Gallery anterior a 1.2.11 para WordPress permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro asc_or_desc en una solicitud para crear galería en la página gal... • https://packetstorm.news/files/id/130148 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1055 – Photo Gallery by 10Web <= 1.2.7 - Unauthenticated Blind SQL Injection via order_by Parameter
https://notcve.org/view.php?id=CVE-2015-1055
12 Jan 2015 — SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php. Vulnerabilidad de inyección SQL en el plugin Photo Gallery 1.2.7 para WordPress permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro order_by en una acción GalleryBox en wp-admin/admin-ajax.php. • http://seclists.org/fulldisclosure/2015/Jan/36 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9380 – Photo Gallery by 10Web <= 1.2.41 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-9380
07 May 2014 — The photo-gallery plugin before 1.2.42 for WordPress has CSRF. El plugin photo-gallery anterior a la versión 1.2.42 para WordPress tiene CSRF. The Photo Gallery plugin before 1.2.42 for WordPress has CSRF. • https://wordpress.org/plugins/photo-gallery/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6348 – DevelopItEasy Photo Gallery 1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6348
02 Mar 2009 — Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de inyección SQL en DevelopItEasy Photo Gallery v1.2 permite a atacantes remotos ejecutar comandos SQL de su elec... • https://www.exploit-db.com/exploits/7016 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •