Lucene search
K
XooscriptsXoogallery

4 matches found

CVE
CVE
added 2026/03/12 3:36 p.m.12 views

CVE-2019-25522

CVE-2019-25522 affects XooGallery Latest, where the vulnerability is an unauthenticated SQL injection in the photo_id parameter passed to photo.php. The root cause is unsafely constructed SQL queries via the photo_id input, enabling attackers to manipulate database queries and potentially extract...

9.1CVSS5.9AI score0.00358EPSS
CVE
CVE
added 2026/03/12 3:36 p.m.11 views

CVE-2019-25523

CVE-2019-25523 affects XooGallery Latest. The issue is an SQL injection in the cat_id parameter passed to cat.php, allowing unauthenticated attackers to influence database queries (bypass auth, extract/modify data) via GET requests. Root cause is unsanitized user input in SQL queries. The connect...

9.1CVSS5.9AI score0.00393EPSS
CVE
CVE
added 2026/03/12 3:36 p.m.10 views

CVE-2019-25524

CVE-2019-25524 affects XooGallery Latest and is caused by an SQL injection in the p parameter to results.php. The vulnerability allows unauthenticated attackers to manipulate database queries, potentially bypassing authentication, extracting sensitive data, or modifying data. Exploitation details...

9.1CVSS5.9AI score0.00393EPSS
CVE
CVE
added 2026/03/12 3:36 p.m.7 views

CVE-2019-25521

Summary: CVE-2019-25521 is an SQL injection vulnerability in the XooGallery Latest component that allows unauthenticated attackers to manipulate database queries via the gal_id parameter in gal.php. The issue is triggered by crafting malicious gal_id values in GET requests to extract sensitive da...

9.1CVSS5.9AI score0.00287EPSS