cbcvebase.

Coppermine Photo Gallery vulnerabilities

34 known vulnerabilities affecting coppermine/coppermine_photo_gallery.

Total CVEs
34
CISA KEV
0
Public exploits
16
Exploited in wild
2
Severity breakdown
HIGH13MEDIUM19LOW2

Vulnerabilities

Page 1 of 2
CVE-2008-1841P2MEDIUMCVSS 6.8Exploitedv1.2.0v1.2.0rc2+20 more2008-04-16
CVE-2008-1841 [MEDIUM] CVE-2008-1841: SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Co SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address
nvd
CVE-2008-1840P2MEDIUMCVSS 6.5Exploited≤ 1.4.16v1.4+14 more2008-04-16
CVE-2008-1840 [MEDIUM] CWE-89 CVE-2008-1840: SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allow SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
nvd
CVE-2008-0506P2MEDIUMCVSS 6.8PoC≤ 1.4.142008-01-31
CVE-2008-0506 [MEDIUM] CWE-20 CVE-2008-0506: include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagic include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
nvd
CVE-2004-1988P3HIGHCVSS 7.5PoCv1.0_rc3v1.1_.0+4 more2004-04-30
CVE-2004-1988 [HIGH] CVE-2004-1988: PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.
nvd
CVE-2007-4283P3HIGHCVSS 7.5PoCv1.3.12007-08-09
CVE-2007-4283 [HIGH] CVE-2007-4283: PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1 PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
nvd
CVE-2004-1989P3HIGHCVSS 7.5PoCv1.0_rc3v1.1_.0+4 more2004-04-30
CVE-2004-1989 [HIGH] CVE-2004-1989: PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remot PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
nvd
CVE-2006-4321P3HIGHCVSS 7.5PoCv1.02006-08-24
CVE-2006-4321 [HIGH] CVE-2006-4321: PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cp PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
nvd
CVE-2007-3558P3HIGHCVSS 7.5PoC≤ 1.4.102007-07-04
CVE-2007-3558 [HIGH] CVE-2007-3558: SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
nvd
CVE-2007-4976P3MEDIUMCVSS 6.5PoCv1.4v1.4.2+5 more2007-09-19
CVE-2007-4976 [MEDIUM] CWE-22 CVE-2007-4976: Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlie Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
nvd
CVE-2006-5622P3HIGHCVSS 7.5PoCv1.4.92006-10-31
CVE-2006-5622 [HIGH] CVE-2006-5622: SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.
nvd
CVE-2007-1107P3HIGHCVSS 7.5PoCv1.3v1.3.2+2 more2007-02-26
CVE-2007-1107 [HIGH] CVE-2007-1107: SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
nvd
CVE-2007-0122P3MEDIUMCVSS 6.5PoC≤ 1.4.10v1.0+13 more2007-01-09
CVE-2007-0122 [MEDIUM] CVE-2007-0122: Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote a Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4)
nvd
CVE-2004-1986P4MEDIUMCVSS 5.0PoCv1.0_rc3v1.1_.0+4 more2004-04-04
CVE-2004-1986 [MEDIUM] CVE-2004-1986: Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 al Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.
nvd
CVE-2006-1909P4MEDIUMCVSS 5.0PoCv1.4.42006-04-20
CVE-2006-1909 [MEDIUM] CVE-2006-1909: Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read a Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
nvd
CVE-2004-1987P3HIGHCVSS 7.5v1.0_rc3v1.1_.0+4 more2004-04-30
CVE-2004-1987 [HIGH] CVE-2004-1987: picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with a picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.
nvd
CVE-2009-1616P4MEDIUMCVSS 4.3PoCv1.4.222009-05-11
CVE-2009-1616 [MEDIUM] CVE-2009-1616: Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) befor Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
nvd
CVE-2007-0836P4MEDIUMCVSS 4.0PoC≤ 1.4.102007-02-08
CVE-2007-0836 [MEDIUM] CVE-2007-0836: admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated user admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party informa
nvd
CVE-2004-1985P4MEDIUMCVSS 4.3PoCv1.0_rc3v1.1_.0+4 more2004-04-30
CVE-2004-1985 [MEDIUM] CVE-2004-1985: Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows r Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.
nvd
CVE-2007-4977P4LOWCVSS 3.5PoCv1.4v1.4.2+5 more2007-09-19
CVE-2007-4977 [LOW] CWE-79 CVE-2007-4977: Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and ea Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
nvd
CVE-2006-2514P3HIGHCVSS 7.5≤ 1.4.5v1.0_rc3+12 more2006-05-22
CVE-2006-2514 [HIGH] CVE-2006-2514: Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote att Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
nvd
Coppermine Photo Gallery vulnerabilities | cvebase