VYPR
Vendor

Coppermine

Products
4
CVEs
56
Across products
68
Status
Private

Products

4

Recent CVEs

56
View all 56 CVEs →
  • CVE-2026-3013HigMar 11, 2026
    risk 0.57cvss epss 0.01

    Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow to read content of any file accessible by the the web server process.This issue…

  • CVE-2014-4612MedMar 16, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-0506Jan 31, 2008
    risk 0.08cvss epss 0.59

    include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter…

  • CVE-2012-1614Sep 4, 2012
    risk 0.04cvss epss 0.09

    Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid…

  • CVE-2008-3486Aug 6, 2008
    risk 0.04cvss epss 0.06

    Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang…

  • CVE-2007-4976Sep 19, 2007
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.

  • CVE-2004-1988Apr 30, 2004
    risk 0.04cvss epss 0.09

    PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.

  • CVE-2004-1989Apr 30, 2004
    risk 0.04cvss epss 0.09

    PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.

  • CVE-2004-1986Apr 4, 2004
    risk 0.04cvss epss 0.11

    Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.

  • CVE-2012-1613Sep 4, 2012
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.

  • CVE-2010-4693Jan 11, 2011
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.

  • CVE-2009-1616May 11, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.

  • CVE-2008-3481Aug 5, 2008
    risk 0.03cvss epss 0.02

    themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

  • CVE-2008-0504Jan 31, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to…

  • CVE-2007-4977Sep 19, 2007
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.

  • CVE-2007-4283Aug 9, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.

  • CVE-2007-3558Jul 4, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.

  • CVE-2007-1107Feb 26, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using…

  • CVE-2007-0836Feb 8, 2007
    risk 0.03cvss epss 0.02

    admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of…

  • CVE-2007-0122Jan 9, 2007
    risk 0.03cvss epss 0.03

    Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter…