This page aggregates publicly disclosed CVE and security risk information related to verosky_media, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2006-2080 | SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS. | [email protected] | 6.8 | 1.70% | 2006-04-27 | 2026-06-16 |
| CVE-2006-2079 | Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | [email protected] | 4.3 | 1.87% | 2006-04-27 | 2026-06-16 |
| CVE-2006-2052 | Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product. | [email protected] | 5.8 | 1.82% | 2006-04-26 | 2026-06-16 |
| CVE-2005-3986 | Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php. | [email protected] | 7.5 | 2.63% | 2005-12-04 | 2026-06-16 |