92 matches found
CVE-2021-38819
A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through "id" parameter on the album page...
PT-2022-10780 · Unknown · Simple Image Gallery System
Name of the Vulnerable Software and Affected Versions: Simple Image Gallery System version 1.0 Description: A SQL injection issue exists in the application, specifically through the id parameter on the album page. Recommendations: For Simple Image Gallery System version 1.0, avoid using the id...
CVE-2021-38819
CVE-2021-38819 affects the Simple Image Gallery System 1.0. A SQL injection exists via the “id” parameter on the album page, with CVSS v3.1 base score 8.8 (HIGH) and impacts to Confidentiality, Integrity, and Availability. Exploitation is listed as network-based with low attack complexity, requir...
CVE-2021-39313
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
Cross site scripting
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
CVE-2021-39313 Simple Image Gallery <= 1.0.6 Reflected Cross-Site Scripting
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
CVE-2021-39313
CVE-2021-39313 affects the WordPress Simple Image Gallery plugin. The vulnerability is a Reflected Cross-Site Scripting flaw in the simple-image-gallery.php file, exploitable via the msg parameter and permits injection of arbitrary client-side scripts. The issue is present in versions up to and i...
CVE-2021-39313 Simple Image Gallery <= 1.0.6 Reflected Cross-Site Scripting
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
Simple Image Gallery <= 1.0.6 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. simple Image Gallery plugin is a WordPress open source application plugin. the WordPress Simple Image Gallery plugin ha...
WordPress Simple Image Gallery plugin <= 1.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Simple Image Gallery plugin versions = 1.0.6. Solution Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...
CVE-2021-38753
An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app...
CVE-2021-38753
The CVE-2021-38753 entry concerns Simple Image Gallery Web App, with an unrestricted file upload vulnerability that can be exploited to upload a web shell and execute it, potentially gaining unauthorized access to the hosting server. Multiple sources describe an access control/file-upload flaw en...
Kubik-Rubik Simple Image Gallery Extended Cross-Site Scripting Vulnerability in Joomla!
Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other features . Kubik-Rubik Simple Image Gallery Extended SIGE extension is to use one of the image management extension component. A cross-si...
CVE-2018-7717
The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended SIGE extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1...
Design/Logic Flaw
The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended SIGE extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1...
Kubik-Rubik Simple Image Gallery Extended (SIGE),3.2.3,XSS (Cross Site Scripting)
Kubik-Rubik Simple Image Gallery Extended SIGE, versions 3.2.3 and previous, XSS Cross Site Scripting resolution: update to 3.2.4 latest release is 3.3.0 update notice: https://joomla-extensions.kubik-rubik.de/sige-simple-image-gallery-extendedchangelog Note that the developer did not inform the ...
CVE-2017-16356
CVE-2017-16356 affects Kubik-Rubik Simple Image Gallery Extended (SIGE) for Joomla. The vulnerability is a reflected XSS in print.php that allows JavaScript injection via crafted parameters (caption; also name/img in older versions). Impact is execution of script in the victim’s browser. Affected...
CVE-2017-16356
Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
Exploit Title: Joomla! Component SIGE version 3. Solution: Update to version 3.3.0 https://downloads.kubik-rubik.de/joomla-extensions/plgsigev3.3.0.zip...