Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown
CVE-2008-4645
Disclosure Date: October 22, 2008 (last updated October 04, 2023)
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
0
Attacker Value
Unknown
CVE-2006-3476
Disclosure Date: July 10, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
0
Attacker Value
Unknown
CVE-2006-2041
Disclosure Date: April 26, 2006 (last updated October 04, 2023)
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
0
Attacker Value
Unknown
CVE-2005-4228
Disclosure Date: December 14, 2005 (last updated February 22, 2025)
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.
0
Attacker Value
Unknown
CVE-2002-2064
Disclosure Date: December 31, 2002 (last updated February 22, 2025)
isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo.
0