cbcvebase.

Coppermine-Gallery Coppermine Photo Gallery vulnerabilities

19 known vulnerabilities affecting coppermine-gallery/coppermine_photo_gallery.

Total CVEs
19
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM14LOW2

Vulnerabilities

Page 1 of 1
CVE-2008-3486P3HIGHCVSS 7.5PoC≤ 1.4.18v1.0+24 more2008-08-06
CVE-2008-3486 [HIGH] CWE-22 CVE-2008-3486: Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in C Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
nvd
CVE-2023-53868P2HIGHCVSS 8.8v1.6.252025-12-15
CVE-2023-53868 [HIGH] CWE-434 CVE-2023-53868: Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated a Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.
nvd
CVE-2008-0504P3MEDIUMCVSS 6.5PoC≤ 1.4.14v1.0+18 more2008-01-31
CVE-2008-0504 [MEDIUM] CWE-89 CVE-2008-0504: Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
nvd
CVE-2008-3481P4HIGHCVSS 7.5PoC≤ 1.4.18v1.0+24 more2008-08-05
CVE-2008-3481 [HIGH] CWE-94 CVE-2008-3481: themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
nvd
CVE-2012-1614P4MEDIUMCVSS 5.0PoC≤ 1.5.18v1.0+50 more2012-09-04
CVE-2012-1614 [MEDIUM] CWE-200 CVE-2012-1614: Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via ( Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which revea
nvd
CVE-2010-4693P4MEDIUMCVSS 4.3PoC≤ 1.5.10v1.0+46 more2011-01-11
CVE-2010-4693 [MEDIUM] CWE-79 CVE-2010-4693: Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier a Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
nvd
CVE-2012-1613P4LOWCVSS 3.5PoC≤ 1.5.18v1.0+49 more2012-09-04
CVE-2012-1613 [LOW] CWE-79 CVE-2012-1613: Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5. Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
nvd
CVE-2015-3923P4MEDIUMCVSS 5.0≤ 1.5.42015-06-10
CVE-2015-3923 [MEDIUM] CWE-200 CVE-2015-3923: Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full p Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
nvd
CVE-2014-4612P4MEDIUMCVSS 6.1fixed in 1.5.28≥ 1.6.0, < 1.6.012018-03-16
CVE-2014-4612 [MEDIUM] CWE-79 CVE-2014-4612: Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Phot Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2018-14478P4MEDIUMCVSS 6.1v1.5.462019-05-07
CVE-2018-14478 [MEDIUM] CWE-79 CVE-2018-14478: ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, gre ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
nvd
CVE-2015-3922P4MEDIUMCVSS 5.8≤ 1.5.342015-05-27
CVE-2015-3922 [MEDIUM] CVE-2015-3922: Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote atta Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
nvd
CVE-2008-7186P4MEDIUMCVSS 5.0v1.4.142009-09-09
CVE-2008-7186 [MEDIUM] CVE-2008-7186: Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote at Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
nvd
CVE-2015-6528P4MEDIUMCVSS 4.3v1.5.362015-08-20
CVE-2015-6528 [MEDIUM] CWE-79 CVE-2015-6528: Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Galle Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
nvd
CVE-2005-3979P4MEDIUMCVSS 5.0v1.4v1.4.22005-12-03
CVE-2005-3979 [MEDIUM] CWE-287 CVE-2005-3979: relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after instal relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
nvd
CVE-2011-2476P4MEDIUMCVSS 4.3≤ 1.5.10v1.0+46 more2011-06-14
CVE-2011-2476 [MEDIUM] CVE-2011-2476: Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remo Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
nvd
CVE-2011-3722P4MEDIUMCVSS 5.0v1.5.122011-09-23
CVE-2011-3722 [MEDIUM] CWE-200 CVE-2011-3722: Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
nvd
CVE-2010-4667P4MEDIUMCVSS 4.3≤ 1.4.26v1.0+38 more2011-06-14
CVE-2010-4667 [MEDIUM] CWE-79 CVE-2010-4667: Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remo Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2015-3921P4LOWCVSS 3.5≤ 1.5.342015-05-27
CVE-2015-3921 [LOW] CWE-79 CVE-2015-3921: Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 al Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
nvd
CVE-2008-7187P4MEDIUMCVSS 5.0v1.4.142009-09-09
CVE-2008-7187 [MEDIUM] CWE-200 CVE-2008-7187: Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
nvd
Coppermine-Gallery Coppermine Photo Gallery vulnerabilities | cvebase