Image gallery
This hub aggregates every CVE we track for Image gallery, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.
DevTools & CIother
11
CVEs tracked
1
Critical
4
High
0
In CISA KEV
Severity distribution
MEDIUM6HIGH4CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 11 most recently published vulnerabilities affecting Image gallery.
- CVE-2024-35721WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability4.3
- CVE-2022-1327Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting4.8
- CVE-2016-11018An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is g...9.8
- CVE-2016-4987Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.6.5
- CVE-2014-7153SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL ...6.5
- CVE-2009-4569SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.7.5
- CVE-2009-1446Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, the...6.5
- CVE-2008-6466SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image p...7.5
- CVE-2008-5037SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.7.5
- CVE-2008-3511Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index....4.3
- CVE-2007-3461SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.7.5
Product normalization is registry-driven with AI assist and human review. How it works