mcgallery 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk input validation、パス処理の欠陥, and vendor risk sql injection などに関し、一部は vendor impact unexpected behavior を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2007-1478 | download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter. | [email protected] | 5.0 | 2.50% | 2007-03-16 | 2026-04-23 |
| CVE-2006-4720 | PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | [email protected] | 7.5 | 3.53% | 2006-09-12 | 2026-04-16 |
| CVE-2005-4251 | Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php. | [email protected] | 7.5 | 1.29% | 2005-12-14 | 2026-04-16 |
| CVE-2005-4250 | Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter. | [email protected] | 5.0 | 3.07% | 2005-12-14 | 2026-04-16 |
| CVE-2005-1998 | Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | [email protected] | 5.0 | 3.07% | 2005-06-15 | 2026-04-16 |
| CVE-2005-1997 | show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter. | [email protected] | 5.0 | 1.43% | 2005-06-15 | 2026-04-16 |