Photo Gallery CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (49 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-16119	1 10web	1 Photo Gallery	2024-11-21	9.8 Critical
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
CVE-2019-16118	1 10web	1 Photo Gallery	2024-11-21	6.1 Medium
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
CVE-2019-16117	1 10web	1 Photo Gallery	2024-11-21	6.1 Medium
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
CVE-2019-14798	1 10web	1 Photo Gallery	2024-11-21	N/A
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
CVE-2019-14797	1 10web	1 Photo Gallery	2024-11-21	N/A
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
CVE-2019-14313	1 10web	1 Photo Gallery	2024-11-21	9.8 Critical
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
CVE-2015-9380	1 10web	1 Photo Gallery	2024-11-21	N/A
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
CVE-2015-2324	1 10web	1 Photo Gallery	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1394	1 10web	1 Photo Gallery	2024-11-21	5.4 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.

« first previous Page 3 of 3.