VYPR

Coppermine Photo Gallery

by Coppermine

CVEs (56)

  • CVE-2006-5622 (Oct 31, 2006)
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.

  • CVE-2006-4321 (Aug 24, 2006)
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-1909 (Apr 20, 2006)
    risk 0.03 | cvss | epss 0.04

    Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.

  • CVE-2004-1985 (Apr 30, 2004)
    risk 0.03 | cvss | epss 0.04

    Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.

  • CVE-2004-1987 (Apr 30, 2004)
    risk 0.01 | cvss | epss 0.10

    picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.

  • CVE-2023-53868 (Dec 15, 2025)
    risk 0.00 | cvss | epss 0.01

    Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code…

  • CVE-2010-4815 (Feb 5, 2020)
    risk 0.00 | cvss | epss 0.02

    Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.

  • CVE-2018-14478 (May 7, 2019)
    risk 0.00 | cvss | epss 0.01

    ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.

  • CVE-2015-6528 (Aug 20, 2015)
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6)…

  • CVE-2015-3923 (Jun 10, 2015)
    risk 0.00 | cvss | epss 0.02

    Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.

  • CVE-2015-3922 (May 27, 2015)
    risk 0.00 | cvss | epss 0.02

    Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.

  • CVE-2015-3921 (May 27, 2015)
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.

  • CVE-2011-3722 (Sep 23, 2011)
    risk 0.00 | cvss | epss 0.01

    Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.

  • CVE-2011-2476 (Jun 14, 2011)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.

  • CVE-2010-4667 (Jun 14, 2011)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-7187 (Sep 9, 2009)
    risk 0.00 | cvss | epss 0.01

    Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.

  • CVE-2008-7186 (Sep 9, 2009)
    risk 0.00 | cvss | epss 0.01

    Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.

  • CVE-2008-1840 (Apr 16, 2008)
    risk 0.00 | cvss | epss 0.02

    SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is…

  • CVE-2008-1841 (Apr 16, 2008)
    risk 0.00 | cvss | epss 0.02

    SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited…

  • CVE-2008-0505 (Jan 31, 2008)
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.