4homepages 4images
12 CVEs affecting 4homepages 4images. Latest disclosed: 2026-01-13. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-50806 | High | 7.2 | 2026-01-13 | 4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing fu… |
CVE-2021-27308 | Medium | 4.8 | 2021-03-22 | A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" para… |
CVE-2020-35853 | Medium | 4.8 | 2021-01-26 | 4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inje… |
CVE-2015-7708 | | 2015-10-05 | Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description p… | |
CVE-2012-1023 | | 2012-02-08 | Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |
CVE-2012-1022 | | 2012-02-08 | SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an… | |
CVE-2012-1021 | | 2012-02-08 | Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_p… | |
CVE-2009-2380 | | 2009-07-08 | Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML… | |
CVE-2009-2132 | | 2009-06-19 | Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbi… | |
CVE-2009-2131 | | 2009-06-19 | Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a c… | |
CVE-2006-5236 | | 2006-10-11 | SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter. | |
CVE-2006-2011 | | 2006-04-25 | Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickna… |