4homepages 4images

12 CVEs affecting 4homepages 4images. Latest disclosed: 2026-01-13. Critical: 0, High: 1.

Top CVEs affecting 4homepages 4images
CVESeverityScorePublishedSummary
CVE-2022-50806High7.22026-01-134images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing fu…
CVE-2021-27308Medium4.82021-03-22A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" para…
CVE-2020-35853Medium4.82021-01-264images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inje…
CVE-2015-77082015-10-05Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description p…
CVE-2012-10232012-02-08Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks…
CVE-2012-10222012-02-08SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an…
CVE-2012-10212012-02-08Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_p…
CVE-2009-23802009-07-08Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML…
CVE-2009-21322009-06-19Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbi…
CVE-2009-21312009-06-19Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a c…
CVE-2006-52362006-10-11SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.
CVE-2006-20112006-04-25Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickna…