7 matches found
CVE-2024-5481 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the...
CVE-2023-3154
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server...
PT-2023-23378 · WordPress · Wordpress Gallery Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Gallery Plugin versions prior to 3.39 Description: The issue is related to PHAR Deserialization due to a lack of input parameter validation in the gallery edit function. This allows an attacker to access arbitrary resources on the...
WordPress plugin WordPress Gallery Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-23384 · WordPress · Wordpress Gallery Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Gallery Plugin versions prior to 3.39 Description: The issue is related to a lack of input parameter validation in the gallery edit function, allowing an attacker to access arbitrary resources on the server. This can lead to Arbitra...
CVE-2012-3873
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6)...
SQL injection
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6)...