myGallery <= 1.4b4 – Unauthenticated File Inclusion | CVE 2007-2426

Affects Plugins

mygallery

No known fix

References

CVE

CVE-2007-2426

Exploitdb

3814

Classification

Type

RFI

OWASP top 10

A1: Injection

CWE

CWE-98

CVSS

9.4 (critical)

Miscellaneous

Verified

No

WPVDB ID

35a80f1b-3825-45f8-ba88-5b95681baa94

Timeline

Publicly Published

2007-04-29 (about 18 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2020-10-28 (about 5 years ago)

Other

Published

Title

Published

2026-02-25

Title

Quantum <= 1.0 - Unauthenticated Local File Inclusion

Published

2024-07-24

Title

LearnPress < 4.2.6.9 - Authenticated (Contributor+) Local File Inclusion

Published

2025-05-07

Title

List category posts < 0.92.0 - Contributor+ Local File Inclusion

Published

2021-06-28

Title

Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF

Published

2024-04-17

Title

Salient Shortcodes < 1.5.4 - Authenticated (Contributor+) Local File Inclusion via Shortcode