Encaps: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-04-27
Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
9.0
EPSS Score
0.007
Published
2008-04-27
Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1.11.2 allow remote attackers to inject arbitrary web script or HTML via the file parameter to (1) watermark.php and (2) catalog_watermark.php in core/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-03-12