Photo Gallery Software Vulnerabilities

Timeline

Analyzing the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Piwigo: 79
Coppermine Photo Gallery: 55
Gallery: 41
Magic Photo Storage Website: 27
Menalto Gallery: 17

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 267
Temporary Fix: 1
Workaround: 9
Unavailable: 127
Not Defined: 383

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 99
Functional: 9
Proof-of-Concept: 244
Unproven: 14
Not Defined: 421

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 1
Local: 46
Adjacent: 11
Network: 729

When approaching a vulnerability, it is important to know the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 20
Low: 206
None: 561

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 286
None: 501

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 4
≤4: 61
≤5: 164
≤6: 164
≤7: 112
≤8: 235
≤9: 28
≤10: 19

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 4
≤4: 75
≤5: 205
≤6: 163
≤7: 201
≤8: 100
≤9: 25
≤10: 14

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 0
≤3: 11
≤4: 75
≤5: 183
≤6: 138
≤7: 109
≤8: 242
≤9: 10
≤10: 19

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 1
≤4: 0
≤5: 17
≤6: 20
≤7: 36
≤8: 16
≤9: 22
≤10: 23

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 3
≤6: 3
≤7: 2
≤8: 1
≤9: 2
≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k: 126
<2k: 265
<5k: 384
<10k: 2
<25k: 7
<50k: 3
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 767
<2k: 20
<5k: 0
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (385): .matteoiammarrone Iamma Simple Gallery, 4images Image Gallery Management System, 4Images Image Gallery Management System, 10Web Mobile-Friendly Image Gallery Plugin, 10Web Photo Gallery Plugin, 10Web Photo Gallery plugin, 20 20 Applications 20 20 Auto Gallery, 35mm Slide Gallery, 321soft PhP-Gallery, ACF Photo Gallery Field Plugin, Activewebsoftwares Active Photo Gallery, Active Web Softwares Active Photo Gallery, Akirapowered Image Gallery, Alexred Com Oziogallery, Alex Rabe NextGEN Gallery, All-in-One Video Gallery Plugin, all-video-gallery, All Video Gallery Plugin, Andy Mack 35mmslidegallery, AnimeGenesis Gallery, Anshul Sharma Category-grid-view-gallery, An image gallery, Apache::Gallery, Apptha Contus Video Gallery, Apptha Video Gallery Plugin, Architecture Template, Artworks Gallery in PHP, CSS, JavaScript, and MySQL, ARWScripts Gallery Script Lite, AWScripts Gallery Search Engine, Best Gallery Albums Plugin, Best Image Gallery & Responsive Photo Gallery Plugin, Best Video Gallery Plugin, Bharat Mediratta Gallery, Blue-Collar Productions i-Gallery, Blue-collar Productions i-Gallery, Blue-collar Productions I-gallery, Blueconstantmedia Com Djartgallery, Bodo Bauer BBGallery, Brunetton LittlePhpGallery, CatchThemes Catch Breadcrumb Plugin, CatchThemes Catch Duplicate Switcher Plugin, CatchThemes Catch Gallery Plugin, CatchThemes Catch IDs Plugin, CatchThemes Catch Import Export Plugin, CatchThemes Catch Infinite Scroll Plugin, CatchThemes Catch Scroll Progress Bar Plugin, CatchThemes Catch Sticky Menu Plugin, CatchThemes Catch Themes Demo Import Plugin, CatchThemes Catch Under Construction Plugin, CatchThemes Catch Web Tools Plugin, CatchThemes Essential Content Types Plugin, CatchThemes Essential Widgets Plugin, CatchThemes Generate Child Theme Plugin, CatchThemes Header Enhancement Plugin, CatchThemes Social Gallery and Widget Plugin, CatchThemes To Top Plugin, Clicktech ClickGallery, ClickTech Clickgallery, Codeasily GRAND 
FlAGallery, Comdev Photo Gallery, Contest Gallery, Contest Gallery Plugin, Cool Video Gallery Plugin, Coppermine-gallery Photo Gallery, Coppermine Coppermine Photo Gallery, Coppermine Photo Gallery, coppermine Photo Gallery, Coppermine Photo Gallery, Crafty Syntax Image Gallery, Crux Software Gallery, CS-Gallery, Customer Photo Gallery Addon, Dale Mooney Moon Gallery, Daniel Lienert Yet Another Gallery, Dan Brown Moa Gallery, Datachecknh GalleryPal FE, David Alkire Drag , David Alkire Drop Gallery, Davlin Thickbox Gallery, DBImageGallery, Dbscripts DBImageGallery, Dean Oakley Photospace Gallery Plugin, DevelopItEasy Photo Gallery, Digitalzoomstudio Video Gallery, Digital Eye Gallery, DJ-ArtGallery Component, Dmitry Sheiko SAPID Gallery, Dreampics Gallery Builder, Drupal Brilliant Gallery, Duma Photo Gallery System, Duware DUGallery, Easy Photo Gallery, EdgeGallery Developer, elkagroup Image Gallery, Elkagroup Image Gallery, ElkaGroup Image Gallery, Encaps EncapsGallery, Enhanced Simple PHP Gallery, Envato Complete Gallery Manager plugin, Envira Photo Gallery Plugin, Envira Gallery Lite, Envira Gallery Lite Plugin, EZGallery, EZOnlineGallery, Ezphotogallery, Filter Portfolio Gallery Plugin, Final Tiles Gallery Plugin, Fipsasp fipsGallery, Flash-album-gallery, Flash Photo Gallery, flickr-justified-gallery Plugin, FOSS Gallery, Fr. 
Simon Rundell Hs Religiousartgallery, Francisco Burzi Gallery, Francisco Charrua Photo-Gallery, freePHPgallery, FsPHPGallery, G5-Scripts Auto-Img-Gallery, Gallarific PHP Photo Gallery script, Gallery, gallery-by-supsystic Plugin, gallery-photo-gallery Plugin, Gallery Directory, Gallery Image Gallery Web Application, Gallery My Photo Gallery, Gallery Photo Album Package, GalleryCMS, Gallery - Photo Albums - Portfolio Plugin, Gallery 3, Gallery for Social Photo, Gallery from Files Plugin, Gallery Objects, Gallery Plugin, Gallery WD, Gb-plugins GB Gallery Slideshow, Geoffrey Golliher Axiom Photo News Gallery, Gmedia Photo Gallery Plugin, Gnugallery, Grid Gallery Plugin, Gtasoft PhotoKorn Gallery, Hdwplayer hdw-player-video-player-video-gallery, Hitmaaan Hitmaaan Gallery, hp Photo And Imaging Gallery, Huawei AppGallery, Huge-IT Gallery, Huge-IT Image Gallery, Huge-IT Portfolio Gallery Manager, Huge-IT Portfolio Gallery Plugin, Huge-IT Video Gallery, Ice Gallery, Ikemcg phpInstantGallery, image-gallery-with-slideshow, ImageFolio Image Gallery, ImageGalleryPlugin, Imagely NextGEN Gallery, Imagely NextGEN Gallery Plugin, Image Gallery Plugin, Image Gallery with Access Database, Image Photo Gallery Final Tiles Grid Plugin, IMGallery, IM Gallery, insta-gallery Plugin, Instant Photo Gallery, Invision Power Services Invision Gallery, Invision Power Services IP.Gallery, Itamar Elharar Com Musicgallery, Ivan Gallery Script, Japanese PHP Gallery Hosting, JEXTN Video Gallery Extension, Jimmac Original Photo Gallery, Jmb Software Autogallery, Jmk Web Scripts Jmk Picture Gallery, John Bradshaw Np Gallery Plugin, Joonas Viljanen JV2 Folder Gallery, Justin Ellison Node Gallery, Justjoomla Carousel Flash Image Gallery, JV2 Folder Gallery, JV2 Quick Gallery, Jv2design JV2 Folder Gallery, Keil-software Photokorn Gallery, Kerberosdev Gallery In A Box, Keyvan1 ImageGallery, Kkeim Kmita Gallery, Kmita Gallery, Kooijman-design jGallery, KoschtIT KoschtIT Image Gallery, Kubik-Rubik Simple 
Image Gallery Extended, Le Ralf Ralf Image Gallery, Lightbox Photo Gallery, limb-gallery Plugin, Magic Photo Storage Website, magic photo storage website, Magnifica Webscripts Anima Gallery, Maian Gallery, Maianscriptworld Maian Gallery, Mambo Com Gallery, Mambo Mambo Gallery Manager, Manuel Garcia galleryformatter, Marcel Brinkkemper Lazyest-gallery, Masselink Com Picasa2gallery, Matteo Binda ASP Photo Gallery, MAXdev My Egallery, Maxdev My Egallery, McGallery, mcGalleryPRO, Mcgallerypro mcGallery, Mcgallery Pro, mcGallery PRO, Mediaslash.com MediaSlash Gallery, Menalto gallery, Menalto Gallery, Menalto Gallery Publish Xp Module, Menalto Gallery Webcam Module, Meow Gallery Plugin, Microsoft Clip Art Gallery, MindDezign Photo Gallery, Minimal Design minimal Gallery, Minishowcase Minishowcase Image Gallery, mmgallery, MMS Gallery MMS Gallery PHP, MMS Gallery PHP, Moagallery Moa, Mobile-Friendly Image Gallery Plugin, Modula Image Gallery Plugin, MODX Revolution Gallery, mojoscripts mojoGallery, MooseGallery, Mxmania Gallery MX, Mydyngallery, myPHPNuke Myphpnuke My Egallery, MyPicGallery, My_eGallery Module, My Gallery, My Image Gallery, My Photo Gallery, NextCellent Gallery Plugin, nextgen-gallery Plugin, NextGEN Gallery, NextGEN Gallery Pro Plugin, Next Generation Image Gallery, Nitropowered NITRO Web Gallery, Nitropowered NiTrO Web Gallery, NP_Gallery Plugin, NuGetGallery, Nukedgallery Gallery, Obsession-Design Image-Gallery, Omilenitsolutions Com Omphotogallery, Ontarioabandonedplaces A Better Member-Based ASP Photo Gallery, OpenDock Easy Gallery, Particle Gallery, Particle Soft Particle Gallery, Paul Griffin Simple PHP Gallery, PAXXGallery Com Paxxgallery, Pensacola Web Designs Xtremeasp Photogallery, Pensacola Web Designs Xtreme ASP Photo Gallery, Percha Com Perchagallery, photo-gallery Plugin, photoblocks-grid-gallery Plugin, Photocrati NextGEN Gallery, PhotoGal PhotoGal Photo Gallery, Photogallerycreator Flash-album-gallery, Photokorn Gallery, PhotoPost 
PhotoPost vBGallery, Photoswipe Masonry Gallery Plugin, Photo Gallery, Photo Gallery by 10Web Plugin, Photo Gallery plugin, Photo Image Grid Gallery Plugin, Phpexplorer phPhotoGallery, Phpgalleryscript PHP Free Photo Gallery, PHPmyGallery, PHPQuickGallery, PhpWebGallery, Phpwebgallery, PHPWebGallery, PHP Kobo Photo Gallery CMS, Php Web Scripts Dynamic Photo Gallery, PinkCrow Designs Designs Gallery Magazin, Piwigo, piwigo, pixaria Pixaria Gallery, Pixaria Pixaria Gallery, Planetluc MyGallery, Planet Concept planetGallery, Plohni An image gallery, Pony Gallery, Portfolio Gallery, Product Catalog Plugin, Portfolio Responsive Gallery Plugin, Powerdev EncapsGallery, Powerplay Gallery Plugin, Puntolatinoclub Gallery Assist module, Quick Digital Image Gallery, R2K R2K Gallery, Ralf Image Gallery, RBX Gallery, Red Mexico RM+Soft Gallery, reflex-gallery Plugin, ReFlex Gallery Plugin, Responsive Image Gallery Plugin, rGallery plugin, RMSOFT Gallery System, RSGallery2 Com Rsgallery2, Samsung Gallery, SanyBee Gallery, Scriptaty magic photo storage website, Scry Gallery, Sebastian-thiele ST-Gallery, Selbstzweck rGallery plugin, Sergey Kiselev SGallery, SimpleGallery, Simple Image Gallery Plugin, Simple Image Gallery Web App, Simple PHP Scripts gallery, Simple Php Scripts Gallery, Simply Gallery Blocks with Lightbox, Singapore Gallery, Singapore Image Gallery Web Application, Skrypty PPA Gallery, Skrypty Ppa Gallery, Skyphe File-gallery, Slideshow Gallery Plugin, Snaps Gallery, Snipegallery Snipe Gallery, Snipe Gallery, Social Photo Gallery plugin, Softbiz Image Gallery, SoftComplex PHP Image Gallery, Softcomplex PHP Image Gallery, Splitside Directory Image Gallery, Squitosoft Squito Gallery, StoreFront Gallery, Supsystic Photo Gallery Plugin, Tenyearsgone ASP Folder Gallery, Terong Advanced Web Photo Gallery, TFTgallery, Tft Gallery, TFT Gallery, ThemeMakers Invento Responsive Gallery, tidio-gallery Plugin, TinyWebGallery, Tomex phpGalleryScript, Tribulant Slideshow Gallery 
Plugin, Tribulant Tibulant Slideshow Gallery, Tribulant Slideshow Gallery Plugin, TYPO3 Ws Gallery, TYPO3 WT Gallery, TYPO3 Wt Gallery, Uapplication Uphotogallery, Uapplication UPhotoGallery, unite-gallery-lite Plugin, Vacilanda Brilliant Gallery, Ventrian Simple Gallery, Verosky Media Instant Photo Gallery, Video Gallery Plugin, Visual Portfolio, Photo Gallery & Post Grid Plugin, w00t Gallery, Wabbit PHP Gallery, Wabbit Wabbit PHP Gallery, Web-Dorado Photo Gallery, Web-Dorado Photo Gallery by WD - Responsive Photo Gallery, Webgeneius GOOP Gallery, webGENEius GOOP Gallery, webmaster-tips.net Flash Image Gallery, Winged Gallery, Wingnut EasyGallery, woo-variation-gallery Plugin, Wotlab Community Gallery, wpape APE Gallery, WPChill Gallery PhotoBlocks Plugin, WPChill Gallery PhotoBlocks Plugin, Wpgetready NextCellent Gallery, wptf-image-gallery Plugin, WP Video Gallery Plugin, XeroXer Simple one-file gallery, Xigla Absolute Image Gallery XE, Xigla Absolute Image Gallery Xe, xodagallery, Xondie Vodpod Video Gallery, XOOPS Xoops Rmsoft Gallery System, Xoops Xoops Rmsoft Gallery System, Xtreme ASP Photo Gallery, yotuwp Video Gallery Plugin, Yuriy V Semenikhin YVS Image Gallery, zm-gallery Plugin, zOOm Media Gallery

| Published | Base | Temp | Vulnerability | Product | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 09/13/2022 | 5.9 | 5.8 | Dean Oakley Photospace Gallery Plugin Setting access control | Photospace Gallery Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-38135 |
| 09/10/2022 | 4.3 | 4.3 | WPChill Gallery PhotoBlocks Plugin cross site scripting | Gallery PhotoBlocks Plugin | Not Defined | Not Defined | 0.03 | CVE-2022-37407 |
| 09/07/2022 | 7.7 | 7.6 | All-in-One Video Gallery Plugin video.php server-side request forgery | All-in-One Video Gallery Plugin | Not Defined | Official Fix | 0.00 | CVE-2022-2633 |
| 09/06/2022 | 5.5 | 5.3 | Visual Portfolio, Photo Gallery & Post Grid Plugin REST Endpoint injection | Visual Portfolio, Photo Gallery & Post Grid Plugin | Not Defined | Official Fix | 0.04 | CVE-2022-2597 |
| 09/06/2022 | 6.3 | 6.0 | Visual Portfolio, Photo Gallery & Post Grid Plugin REST Endpoint authorization | Visual Portfolio, Photo Gallery & Post Grid Plugin | Not Defined | Official Fix | 0.07 | CVE-2022-2543 |
| 09/01/2022 | 3.5 | 3.4 | Piwigo created-monthly-list cross site scripting | Piwigo | Not Defined | Not Defined | 0.08 | CVE-2022-37183 |
| 08/24/2022 | 6.2 | 6.1 | WPChill Gallery PhotoBlocks Plugin cross-site request forgery | WPChill Gallery PhotoBlocks Plugin | Not Defined | Not Defined | 0.08 | CVE-2022-36292 |
| 08/24/2022 | 7.6 | 7.5 | Contest Gallery Plugin sql injection | Contest Gallery Plugin | Not Defined | Not Defined | 0.05 | CVE-2022-36394 |
| 08/24/2022 | 6.8 | 6.7 | yotuwp Video Gallery Plugin improper authentication | Video Gallery Plugin | Not Defined | Not Defined | 0.05 | CVE-2022-35726 |
| 07/19/2022 | 5.8 | 5.8 | Gallery for Social Photo gifeed_duplicate_feed cross-site request forgery | Gallery for Social Photo | Not Defined | Not Defined | 0.00 | CVE-2022-2224 |
| 07/15/2022 | 6.9 | 6.8 | Piwigo Search sql injection | Piwigo | Not Defined | Not Defined | 0.04 | CVE-2022-32297 |
| 07/13/2022 | 3.3 | 3.2 | Samsung Gallery S Pen Air Gesture access control | Gallery | Not Defined | Official Fix | 0.03 | CVE-2022-33706 |
| 07/07/2022 | 6.0 | 5.9 | nextgen-gallery Plugin HTTP Request unrestricted upload | nextgen-gallery Plugin | Not Defined | Official Fix | 0.03 | CVE-2015-1785 |
| 07/07/2022 | 7.1 | 7.0 | nextgen-gallery Plugin HTTP Request unrestricted upload | nextgen-gallery Plugin | Not Defined | Official Fix | 0.09 | CVE-2015-1784 |
| 07/04/2022 | 5.2 | 5.1 | Gallery Plugin AJAX Action cross site scripting | Gallery Plugin | Not Defined | Official Fix | 0.00 | CVE-2022-1946 |
| 06/28/2022 | 7.5 | 7.4 | piwigo LocalFiles Editor command injection | piwigo | Not Defined | Not Defined | 0.04 | CVE-2021-40553 |
| 06/27/2022 | 3.6 | 3.6 | NextCellent Gallery Plugin Image Setting cross site scripting | NextCellent Gallery Plugin | Not Defined | Not Defined | 0.04 | CVE-2022-1971 |
| 06/27/2022 | 3.6 | 3.6 | Grid Gallery Plugin Image Field cross site scripting | Grid Gallery Plugin | Not Defined | Not Defined | 0.03 | CVE-2022-1327 |
| 06/16/2022 | 4.8 | 4.8 | Supsystic Photo Gallery Plugin Setting cross-site request forgery | Photo Gallery Plugin | Not Defined | Not Defined | 0.08 | CVE-2021-36891 |
| 06/14/2022 | 3.5 | 3.5 | Piwigo cross site scripting | Piwigo | Not Defined | Not Defined | 0.00 | CVE-2021-40678 |
| 06/08/2022 | 2.4 | 2.3 | Photo Gallery by 10Web Plugin Setting cross site scripting | Photo Gallery by 10Web Plugin | Not Defined | Official Fix | 0.04 | CVE-2022-1394 |
| 05/26/2022 | 6.3 | 6.3 | Piwigo admin.php sql injection | Piwigo | Not Defined | Not Defined | 0.04 | CVE-2021-40317 |
| 05/16/2022 | 2.4 | 2.3 | Gmedia Photo Gallery Plugin Album Name cross site scripting | Gmedia Photo Gallery Plugin | Not Defined | Official Fix | 0.03 | CVE-2022-0873 |
| 05/09/2022 | 7.3 | 7.1 | WP Video Gallery Plugin sql injection | WP Video Gallery Plugin | Not Defined | Not Defined | 0.03 | CVE-2022-0826 |
| 05/06/2022 | 6.3 | 6.3 | Piwigo batch_manager.php sql injection | Piwigo | Not Defined | Not Defined | 0.03 | CVE-2020-19217 |

762 more entries are not shown
