CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0722 – needyamin image_gallery Cover Image gallery.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-0722
26 Jan 2025 — A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.293482 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0721 – needyamin image_gallery view.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-0721
26 Jan 2025 — A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.293481 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35721 – WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35721
06 Jun 2024 — Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5. Vulnerabilidad de autorización faltante en A WP Life Image Gallery: Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. Este problema afecta a la Galería de imágenes: Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: desde n/a hasta 1.4.5. The Ima... • https://patchstack.com/database/vulnerability/new-image-gallery/wordpress-image-gallery-plugin-1-4-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1327 – Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1327
03 Jun 2022 — The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El plugin Image Gallery - Grid Gallery de WordPress en versiones anteriores a la 1.1.6 no sanea y escapa de algunos de sus campos de imagen, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting inc... • https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4987
https://notcve.org/view.php?id=CVE-2016-4987
09 Feb 2017 — Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. Vulnerabilidad de salto de directorio en el plugin Image Gallery en versiones anteriores a 1.4 en Jenkins permite a atacantes remotos listar directorios arbitrarios y leer archivos arbitrarios a través de campos de formulario no especificados. • https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-11018 – Huge-IT gallery-images <= 1.8.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-11018
10 May 2016 — An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). Se detectó un problema en el plugin Huge-IT gallery-images versiones anteriores a 1.9.0 para WordPress. • http://10degres.net/cve-2016-11018-image-gallery-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2009-1446 – Elkagroup Image Gallery 1.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2009-1446
27 Apr 2009 — Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de subida de ficheros sin restricciones en upload.php en Elkagroup Image Gallery v1.0 permite a los usuarios remotos autenticados ejecutar código arbitrari... • https://www.exploit-db.com/exploits/8514 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2008-5037 – Elkagroup Image Gallery 1.0 - 'view.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5037
12 Nov 2008 — SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. Vulnerabilidad de inyección SQL en view.php en ElkaGroup Image Gallery v1.0 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "cid". • https://www.exploit-db.com/exploits/32542 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 1CVE-2007-3461 – Elkagroup Image Gallery 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-3461
27 Jun 2007 — SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. Vulnerabilidad de inyección SQL en property.php en elkagroup Image Gallery 1.0 permite a atacantes remotos ejecutar comandos SQl de su elección a travé del parámetro pid. • https://www.exploit-db.com/exploits/4114 •