Imgallery : Security Vulnerabilities, CVEs,

CVE-2008-2337

Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-05-19
Updated
2017-09-29

CVE-2007-0082

users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
Max CVSS
6.5
EPSS Score
2.03%
Published
2007-01-05
Updated
2017-10-19

CVE-2006-3163

Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.
Max CVSS
7.5
EPSS Score
0.64%
Published
2006-06-22
Updated
2017-07-20
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close