Gallery Project Gallery 1.4 for WordPress

CPE Details

Gallery Project Gallery 1.4 for WordPress
gallery_project
gallery
1.4
2020-01-27
13h19 +00:00
2020-01-27
13h19 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:wordpress:*:*

Informations

Vendor

gallery_project

Product

gallery

Version

1.4

Target Software

wordpress

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2012-4919 2020-01-22 17h03 +00:00 Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability
9.8
Critical
CVE-2006-4030 2006-08-16 19h00 +00:00 Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
5
CVE-2006-1696 2006-04-11 08h00 +00:00 Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
4.3
CVE-2006-0587 2006-02-08 00h00 +00:00 Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
6.5
CVE-2006-0330 2006-01-20 23h00 +00:00 Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
4.3
CVE-2005-2734 2005-08-29 02h00 +00:00 Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
4.3
CVE-2003-1227 2005-08-16 02h00 +00:00 PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
7.5
CVE-2004-2124 2005-05-27 02h00 +00:00 The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
5
CVE-2004-1106 2004-12-01 04h00 +00:00 Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
6.8
CVE-2004-0522 2004-06-08 02h00 +00:00 Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
10