VYPR

Vendor CVEs

Coppermine

All CVEs

56 total · sorted by risk
  • CVE-2005-3979Dec 3, 2005
    risk 0.00cvss epss 0.02

    relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.

  • CVE-2005-2676Aug 23, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.

  • CVE-2005-1226May 2, 2005
    risk 0.00cvss epss 0.02

    Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.

  • CVE-2005-1172May 2, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.

  • CVE-2005-1225May 2, 2005
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.

  • CVE-2004-1984May 2, 2004
    risk 0.00cvss epss 0.03

    Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path…

Page 2 of 2