VYPR

Coppermine Photo Gallery

by Coppermine

CVEs (56)

  • CVE-2007-5888 (Nov 7, 2007)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.

  • CVE-2007-1414 (Mar 12, 2007)
    risk 0.00 | cvss | epss 0.05

    Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php,…

  • CVE-2007-0835 (Feb 8, 2007)
    risk 0.00 | cvss | epss 0.01

    admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's…

  • CVE-2007-0115 (Jan 9, 2007)
    risk 0.00 | cvss | epss 0.01

    Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed…

  • CVE-2006-6123 (Nov 26, 2006)
    risk 0.00 | cvss | epss 0.01

    Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical…

  • CVE-2006-3064 (Jun 19, 2006)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.

  • CVE-2006-2976 (Jun 12, 2006)
    risk 0.00 | cvss | epss 0.01

    Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.

  • CVE-2006-2514 (May 22, 2006)
    risk 0.00 | cvss | epss 0.02

    Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allow remote attackers to upload arbitrary files via a filename with multiple file extensions.

  • CVE-2006-0872 (Feb 24, 2006)
    risk 0.00 | cvss | epss 0.02

    Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.

  • CVE-2006-0873 (Feb 24, 2006)
    risk 0.00 | cvss | epss 0.02

    Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.

  • CVE-2005-3979 (Dec 3, 2005)
    risk 0.00 | cvss | epss 0.02

    relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.

  • CVE-2005-2676 (Aug 23, 2005)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.

  • CVE-2005-1226 (May 2, 2005)
    risk 0.00 | cvss | epss 0.02

    Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.

  • CVE-2005-1172 (May 2, 2005)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.

  • CVE-2005-1225 (May 2, 2005)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.

  • CVE-2004-1984 (May 2, 2004)
    risk 0.00 | cvss | epss 0.03

    Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path…

Page 3 of 3