Total
35 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1616 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505. | |||||
CVE-2008-1841 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable. | |||||
CVE-2008-1840 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload. | |||||
CVE-2008-0506 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 6.8 MEDIUM | N/A |
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. | |||||
CVE-2008-0505 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. | |||||
CVE-2007-5888 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter. | |||||
CVE-2007-4977 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. | |||||
CVE-2007-4976 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 6.5 MEDIUM | N/A |
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter. | |||||
CVE-2007-4283 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. | |||||
CVE-2007-3558 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | |||||
CVE-2007-1414 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 10.0 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php. | |||||
CVE-2007-1107 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. | |||||
CVE-2007-0836 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 4.0 MEDIUM | N/A |
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0835 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 6.5 MEDIUM | N/A |
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0122 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. | |||||
CVE-2007-0115 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 6.0 MEDIUM | N/A |
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. | |||||
CVE-2006-6123 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 2.6 LOW | N/A |
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. | |||||
CVE-2006-5622 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. | |||||
CVE-2006-4321 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-3064 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. |