Lucene search

4homepages 4images

11 matches found

CVE | added 2021/03/22 3:15 p.m. | 93 views

CVE-2021-27308

A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.

CVSS 4.8 | AI score 4.8 | EPSS 0.00485

CVE | added 2009/06/19 6:00 p.m. | 53 views

CVE-2009-2131

Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.

CVSS 3.5 | AI score 5.4 | EPSS 0.01015

CVE | added 2006/10/11 1:07 a.m. | 49 views

CVE-2006-5236

SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.

CVSS 7.5 | AI score 8.3 | EPSS 0.0417

CVE | added 2009/07/08 3:30 p.m. | 47 views

CVE-2009-2380

Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.

CVSS 4.3 | AI score 5.8 | EPSS 0.00329

CVE | added 2012/02/08 12:55 a.m. | 46 views

CVE-2012-1023

Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.

CVSS 5.8 | AI score 6.9 | EPSS 0.04462

CVE | added 2009/06/19 6:00 p.m. | 44 views

CVE-2009-2132

Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.

CVSS 6.8 | AI score 7.4 | EPSS 0.01258

CVE | added 2006/04/25 12:50 p.m. | 43 views

CVE-2006-2011

Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php.

CVSS 2.6 | AI score 5.7 | EPSS 0.00622

CVE | added 2015/10/05 3:59 p.m. | 42 views

CVE-2015-7708

Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php.

CVSS 4.3 | AI score 5.9 | EPSS 0.00225

CVE | added 2012/02/08 12:55 a.m. | 41 views

CVE-2012-1021

Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action.

CVSS 4.3 | AI score 5.9 | EPSS 0.04593

CVE | added 2021/01/26 6:15 p.m. | 39 views

CVE-2020-35853

4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can allow an attacker to inject the XSS payload into the Image URL. Each time a user visits that URL, the XSS triggers and the attacker may be able to steal the cookie a...

CVSS 4.8 | AI score 4.7 | EPSS 0.00207

CVE | added 2012/02/08 12:55 a.m. | 38 views

CVE-2012-1022

SQL injection vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.

CVSS 7.5 | AI score 8.7 | EPSS 0.00438