36 matches found
EUVD-2006-2859
Malware in sbrugna...
EUVD-2005-0806
Malware in sbrugna...
EUVD-2017-15683
Malware in sbrugna...
EUVD-2006-2909
Malware in sbrugna...
EUVD-2025-28734
Malicious code in bioql PyPI...
Art Gallery Management System changepropic.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter imageid in the file /admin/changepropic.php. An attacker...
CVE-2025-6411
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/changepropic.php. The manipulation of the argument imageid leads to sql injection. The attack can be launched...
PHPGurukul Art Gallery Management System Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter imageid in the file /admin/changepropic.php. An attacker...
Lichess: ImageId Format Injection in Image Upload Endpoint
The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the generated ImageId. This could have led to parsing issues in other parts of the application that relied on the...
PT-2024-39012 · WordPress · Wp Easy Gallery
Name of the Vulnerable Software and Affected Versions: The WP Easy Gallery – WordPress Gallery Plugin versions up to, and including, 4.8.5. Description: The issue allows authenticated attackers with subscriber-level access and above to perform SQL Injection via the edit imageId and edit imageDelet...
Path Traversal
@jmondi/url-to-png is vulnerable to Path Traversal. The vulnerability is due to the lack of proper sanitization or validation of the ImageId input within extractqueryparams.ts, which allows an attacker to store an image in an arbitrary location that the server has permission to access...
CVE-2024-39918
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the ImageId in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in ...
CVE-2024-39918 Path Traversal in @jmondi/url-to-png
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the ImageId in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in ...
@jmondi/url-to-png contains a Path Traversal vulnerability
Summary: While trying to add a BLOCKLIST feature, the maintainer noticed they didn't sanitize the ImageId in the code, which leads to a path traversal vulnerability. Now, this is different from a traditional path traversal issue, because as of NOW you can store the image in any place arbitrarily,...
CVE-2023-51978
In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection...
Code injection
The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the imageid parameter...
CVE-2015-5072
The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the imageid parameter...
SQL injection
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action...
CVE-2017-9426
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action...