Contest Gallery
Wasiliy Strecker / ContestGallery developer
Developer
28.1.6
Latest version
1,000
Installations
No date
Last updated
Vulnerability history
0 present
34 patched
19 Mitigation rules
- Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion vulnerability<= 28.1.524/03/2026
- Account Takeover vulnerability<= 28.1.2.223/03/2026
- Server Side Request Forgery (SSRF) vulnerability<= 28.1.2.110/03/2026
- Unauthenticated SQL Injection vulnerability<= 28.1.403/03/2026
- Broken Access Control vulnerability<= 28.1.109/01/2026
- Missing Authorization vulnerability<= 28.0.214/11/2025
- Cross Site Request Forgery (CSRF) vulnerability<= 28.0.012/10/2025
- Unauthenticated CSV Injection vulnerability<= 27.0.310/10/2025
- Authenticated (Author+) Stored Cross-Site Scripting vulnerability<= 27.0.203/10/2025
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 26.1.031/07/2025
- Cross Site Scripting (XSS) Vulnerability<= 26.0.611/07/2025
- Authenticated (Author+) Stored Cross-Site Scripting vulnerability<= 26.0.810/07/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability<= 26.0.608/05/2025
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 26.0.0.127/02/2025
- SQL Injection vulnerability<= 25.1.031/01/2025
- Cross Site Scripting (XSS) vulnerability<= 24.0.330/12/2024
- Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover vulnerability<= 24.0.727/11/2024
- Unauthenticated SQL Injection vulnerability<= 24.0.304/11/2024
- Unauthenticated Comment UserID And IP address Disclosure vulnerability<= 23.1.216/08/2024
- Cross Site Scripting (XSS) vulnerability<= 23.1.224/07/2024
- Arbitrary File Deletion vulnerability<= 21.3.422/04/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 24.0.328/03/2024
- SQL Injection vulnerability<= 21.3.226/03/2024
- SQL Injection vulnerability<= 21.3.426/03/2024
- Author+ Stored Cross Site Scripting vulnerability< 21.3.112/03/2024
- CSRF Leading to Gallery Creation vulnerability<= 21.2.8.405/02/2024
- Unauth. Stored XSS via HTTP Headers vulnerability< 21.2.8.131/10/2023
- Cross Site Scripting (XSS) vulnerability<= 21.1.227/03/2023
- Unauth. Stored Cross-Site Scripting (XSS) vulnerability<= 13.1.0.923/11/2022
- Authenticated SQL Injection (SQLi) vulnerability<= 17.0.409/08/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 13.1.0.920/12/2021
- Missing Access Controls to Unauthenticated SQL injection (SQLi) / Email Address Disclosure vulnerability<= 13.1.0.501/11/2021
- Email Address Disclosure vulnerability<= 13.1.0.601/11/2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 10.4.410/07/2019