This page lists publicly disclosed CVE vulnerabilities affecting uapplication uphotogallery (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2007-0815 | Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023. | [email protected] | 4.3 | 1.06% | 2007-02-07 | 2026-04-23 |
| CVE-2006-6247 | Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp. | [email protected] | 7.5 | 1.19% | 2006-12-04 | 2026-04-23 |
| CVE-2006-3023 | Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters. | [email protected] | 4.3 | 1.16% | 2006-06-15 | 2026-04-16 |
| CVE-2005-1427 | Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. | [email protected] | 7.5 | 1.71% | 2005-05-03 | 2026-04-16 |