Gallery Project » Gallery » 1.3.2 : Security Vulnerabilities, CVEs
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
Max CVSS: 5.0 | EPSS Score: 0.91% | Published: 2006-08-16 | Updated: 2011-03-08
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
Max CVSS: 5.0 | EPSS Score: 7.78% | Published: 2004-12-31 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
Max CVSS: 4.3 | EPSS Score: 0.45% | Published: 2003-08-27 | Updated: 2018-10-19
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
Max CVSS: 7.5 | EPSS Score: 0.32% | Published: 2002-12-31 | Updated: 2008-09-05
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
Max CVSS: 7.5 | EPSS Score: 1.22% | Published: 2002-12-31 | Updated: 2017-07-11
5 vulnerabilities found