Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2008-4645

Disclosure Date: October 22, 2008 (last updated October 04, 2023)
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
0
Attacker Value
Unknown

CVE-2006-3476

Disclosure Date: July 10, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
0
Attacker Value
Unknown

CVE-2006-2041

Disclosure Date: April 26, 2006 (last updated October 04, 2023)
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
0
Attacker Value
Unknown

CVE-2005-4228

Disclosure Date: December 14, 2005 (last updated February 22, 2025)
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.
0
Attacker Value
Unknown

CVE-2002-2064

Disclosure Date: December 31, 2002 (last updated February 22, 2025)
isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo.
0