NotCVE - vendor:"Developiteasy" product:"Photo Gallery" version:"1.2"

Page 9 of 44 results (0.005 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-1394 – Photo Gallery by 10Web <= 1.2.10 - Authenticated Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-1394

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el plugin Photo Gallery versiones anteriores a 1.2.11 para WordPress, permiten a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) sort_by, (2) sort_order, (3) items_view, (4 ) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src o (8) clipboard_dest en una acción addImages en el archivo wp-admin/admin-ajax.php. WordPress Photo Gallery plugin version 1.2.8 suffers from a cross site scripting vulnerability. • http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded https://plugins.trac.wordpress.org/changeset/1073334 https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery https://seclists.org/bugtraq/2015/Jan/140 https://wordpress.org/plugins/photo-gallery/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-1393 – Photo Gallery by 10Web <= 1.2.10 - Authenticated SQL Injection via asc_or_desc Parameter

https://notcve.org/view.php?id=CVE-2015-1393

SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php. Vulnerabilidad de inyección SQL en el plugin Photo Gallery anterior a 1.2.11 para WordPress permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro asc_or_desc en una solicitud para crear galería en la página galleries_bwg en wp-admin/admin.php. WordPress Photo Gallery plugin version 1.2.8 suffers from a remote SQL injection vulnerability. • http://www.securityfocus.com/archive/1/534569/100/0/threaded https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-9380 – Photo Gallery by 10Web <= 1.2.41 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2015-9380

The photo-gallery plugin before 1.2.42 for WordPress has CSRF. El plugin photo-gallery anterior a la versión 1.2.42 para WordPress tiene CSRF. The Photo Gallery plugin before 1.2.42 for WordPress has CSRF. • https://wordpress.org/plugins/photo-gallery/#developers https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable https://wpvulndb.com/vulnerabilities/7225 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2008-6348 – DevelopItEasy Photo Gallery 1.2 - SQL Injection

https://notcve.org/view.php?id=CVE-2008-6348

Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de inyección SQL en DevelopItEasy Photo Gallery v1.2 permite a atacantes remotos ejecutar comandos SQL de su elección mediante (1) el parámetro "cat_id2 en gallery_category.php, los parámetros (2) "photo_id" y (4) "user_pass" en admin/index.php. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/7016 http://secunia.com/advisories/32593 http://www.securityfocus.com/bid/32145 https://exchange.xforce.ibmcloud.com/vulnerabilities/46400 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1...7 8 9