Gallery Project: >> Gallery >> 1.2 Security Vulnerabilities
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
CVSS Score
5.0
EPSS Score
0.006
Published
2006-08-16
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
CVSS Score
4.3
EPSS Score
0.06
Published
2003-08-27
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
CVSS Score
7.5
EPSS Score
0.158
Published
2003-04-11
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
CVSS Score
7.5
EPSS Score
0.039
Published
2001-10-02