4images@1.7.3 Security Vulnerabilities and Issues — 4images@1.7.3 CVE List

Lucene search

4homepages4images1.7.3

4 matches found

CVE•added 2009/06/19 6:0 p.m.•53 views

CVE-2009-2131

Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.

3.5CVSS5.4AI score0.01015EPSS

CVE•added 2006/10/11 1:7 a.m.•49 views

CVE-2006-5236

SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.

7.5CVSS8.3AI score0.04048EPSS

CVE•added 2009/07/08 3:30 p.m.•47 views

CVE-2009-2380

Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.

4.3CVSS5.8AI score0.00329EPSS

CVE•added 2009/06/19 6:0 p.m.•44 views

CVE-2009-2132

Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.

6.8CVSS7.4AI score0.01258EPSS