Contest Gallery
Wasiliy Strecker / ContestGallery developer
Developer
28.1.5
Latest version
1,000
Installations
No date
Last updated
Vulnerability history
0 present
32 patched
17 Mitigation rules
- Server Side Request Forgery (SSRF) vulnerability<= 28.1.2.16 days ago
- Unauthenticated SQL Injection vulnerability<= 28.1.4Mar 3, 2026
- Broken Access Control vulnerability<= 28.1.1Jan 9, 2026
- Missing Authorization vulnerability<= 28.0.2Nov 14, 2025
- Cross Site Request Forgery (CSRF) vulnerability<= 28.0.0Oct 12, 2025
- Unauthenticated CSV Injection vulnerability<= 27.0.3Oct 10, 2025
- Authenticated (Author+) Stored Cross-Site Scripting vulnerability<= 27.0.2Oct 3, 2025
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 26.1.0Jul 31, 2025
- Cross Site Scripting (XSS) Vulnerability<= 26.0.6Jul 11, 2025
- Authenticated (Author+) Stored Cross-Site Scripting vulnerability<= 26.0.8Jul 10, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability<= 26.0.6May 8, 2025
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 26.0.0.1Feb 27, 2025
- SQL Injection vulnerability<= 25.1.0Jan 31, 2025
- Cross Site Scripting (XSS) vulnerability<= 24.0.3Dec 30, 2024
- Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover vulnerability<= 24.0.7Nov 27, 2024
- Unauthenticated SQL Injection vulnerability<= 24.0.3Nov 4, 2024
- Unauthenticated Comment UserID And IP address Disclosure vulnerability<= 23.1.2Aug 16, 2024
- Cross Site Scripting (XSS) vulnerability<= 23.1.2Jul 24, 2024
- Arbitrary File Deletion vulnerability<= 21.3.4Apr 22, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 24.0.3Mar 28, 2024
- SQL Injection vulnerability<= 21.3.2Mar 26, 2024
- SQL Injection vulnerability<= 21.3.4Mar 26, 2024
- Author+ Stored Cross Site Scripting vulnerability< 21.3.1Mar 12, 2024
- CSRF Leading to Gallery Creation vulnerability<= 21.2.8.4Feb 5, 2024
- Unauth. Stored XSS via HTTP Headers vulnerability< 21.2.8.1Oct 31, 2023
- Cross Site Scripting (XSS) vulnerability<= 21.1.2Mar 27, 2023
- Unauth. Stored Cross-Site Scripting (XSS) vulnerability<= 13.1.0.9Nov 23, 2022
- Authenticated SQL Injection (SQLi) vulnerability<= 17.0.4Aug 9, 2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 13.1.0.9Dec 20, 2021
- Missing Access Controls to Unauthenticated SQL injection (SQLi) / Email Address Disclosure vulnerability<= 13.1.0.5Nov 1, 2021
- Email Address Disclosure vulnerability<= 13.1.0.6Nov 1, 2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 10.4.4Jul 10, 2019