Coppermine Photo Gallery vulnerabilities
34 known vulnerabilities affecting coppermine/coppermine_photo_gallery.
Total CVEs: 34
CISA KEV: 0
Public exploits: 16
Exploited in wild: 2
Severity breakdown: HIGH 13, MEDIUM 19, LOW 2
Vulnerabilities
Page 2 of 2
CVE-2006-3064 | P4 | HIGH | CVSS 7.5 | CWE-89 | v1.4.8 | 2006-06-19
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.
nvd
CVE-2005-1225 | P4 | HIGH | CVSS 7.5 | v1.3.2 | 2005-05-02
SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.
nvd
CVE-2006-2976 | P4 | HIGH | CVSS 7.5 | v1.4.2, v1.4.3 +4 more | 2006-06-12
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.
nvd
CVE-2007-0835 | P4 | MEDIUM | CVSS 6.5 | ≤ 1.4.10 | 2007-02-08
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details ar
nvd
CVE-2007-0115 | P4 | MEDIUM | CVSS 6.0 | ≤ 1.4.10 | 2007-01-09
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
nvd
CVE-2006-0872 | P4 | MEDIUM | CVSS 5.0 | v1.4.3 | 2006-02-24
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.
nvd
CVE-2005-1226 | P4 | HIGH | CVSS 7.5 | v1.3.2 | 2005-05-02
Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.
nvd
CVE-2006-0873 | P4 | MEDIUM | CVSS 5.0 | v1.4.3 | 2006-02-24
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
nvd
CVE-2008-0505 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 1.4.14, v1.4.10 +3 more | 2008-01-31
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
nvd
CVE-2005-2676 | P4 | MEDIUM | CVSS 4.3 | v1.0_rc3, v1.1_.0 +7 more | 2005-08-23
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.
nvd
CVE-2005-1172 | P4 | MEDIUM | CVSS 4.3 | v1.0_rc3, v1.1_.0 +5 more | 2005-05-02
Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.
nvd
CVE-2007-5888 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 1.4.13 | 2007-11-07
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
nvd
CVE-2006-6123 | P4 | LOW | CVSS 2.6 | v1.4.8_stable | 2006-11-26
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable fr
nvd
CVE-2004-1984 | P4 | MEDIUM | CVSS 5.0 | v1.0_rc3, v1.1_.0 +4 more | 2004-05-02
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
nvd