image_gallery

Vendor: huge-it

Actively Exploited: 0 (CISA KEV List)
PoC / Exploits: 6 (Code Available)
Total RCEs: 1 (Remote Access)
Total CVEs: 4 (Total Indexed)
Avg. EPSS: 0.82% (Exploit Prob.)
Latest CVE: CVE-2024-35721 (Jun 10)

Security Vulnerability Index

4.3 CVSS

Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.

EPSS: 0.38%
4.8 CVSS

The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

EPSS: 0.21%
9.8 CVSS

An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().

EPSS: 1.42%
6.5 CVSS

Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.

EPSS: 0.36%
6.5 CVSS
CVE-2014-7153
Exploit Found

SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.

EPSS: 1.27%
7.5 CVSS
CVE-2009-4569
Exploit Found

SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.

EPSS: 0.14%
6.5 CVSS
CVE-2009-1446
RCE Exploit Found

Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information.

EPSS: 2.88%
7.5 CVSS
CVE-2008-6466
Exploit Found

SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.

EPSS: 0.49%
7.5 CVSS
CVE-2008-5037
Exploit Found

SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

EPSS: 0.33%
7.5 CVSS
CVE-2007-3461
Exploit Found

SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

EPSS: 0.69%