EUVD-2019-19792
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galleryid parameter. Attackers can send GET requests to gallery.php with malicious galleryid values using...
Jettweb PHP Hazir Haber Sitesi Scripti SQL injection vulnerability
Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. Version V1 of the Jettweb PHP Ready-made News Sites Script has a SQL injection vulnerability. This vulnerability stems from the galleryid parameter, which allows for SQL injections. It...
PT-2026-24981
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. Attackers can send GET requests to gal.php with malicious gal_id values to extract sensitive database information or...
CVE-2024-5424
The Gallery Blocks with Lightbox. Image Gallery, HTML5 video, YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'galleryID' and 'className' parameters in all versions up to, and including, 3.2.1 due to...
WordPress Gallery Blocks with Lightbox plugin <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via galleryID and className Parameters vulnerability discovered by Webbernaut in WordPress Plugin SimpLy Gallery versions <= 3.2.1...
CVE-2018-5981
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tagid parameter or galleryid parameter...