cpe:2.3:a:gallery_project:gallery:1.3.2:*:*:*:*:*:*:*
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
Max CVSS
5.0
EPSS Score
0.91%
Published
2006-08-16
Updated
2011-03-08
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
Max CVSS
5.0
EPSS Score
7.78%
Published
2004-12-31
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
Max CVSS
4.3
EPSS Score
0.45%
Published
2003-08-27
Updated
2018-10-19
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
Max CVSS
7.5
EPSS Score
0.32%
Published
2002-12-31
Updated
2008-09-05
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
Max CVSS
7.5
EPSS Score
1.22%
Published
2002-12-31
Updated
2017-07-11
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!