Verosky Media: >> Instant Photo Gallery Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
CVSS Score
4.3
EPSS Score
0.007
Published
2006-04-27
SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS.
CVSS Score
6.8
EPSS Score
0.023
Published
2006-04-27
Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product.
CVSS Score
5.8
EPSS Score
0.005
Published
2006-04-26
Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php.
CVSS Score
7.5
EPSS Score
0.012
Published
2005-12-04