Coppermine

Coppermine Photo Gallery

35 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2006-2976

  • EPSS 0.74%
  • Veröffentlicht 12.06.2006 22:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.

7.5

CVE-2006-2514

  • EPSS 0.74%
  • Veröffentlicht 22.05.2006 22:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.

5

CVE-2006-1909

Exploit
  • EPSS 5.2%
  • Veröffentlicht 20.04.2006 18:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "...

5

CVE-2006-0873

Exploit
  • EPSS 0.81%
  • Veröffentlicht 24.02.2006 11:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.

5

CVE-2006-0872

Exploit
  • EPSS 2.54%
  • Veröffentlicht 24.02.2006 11:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.

4.3

CVE-2005-2676

  • EPSS 0.35%
  • Veröffentlicht 23.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.

7.5

CVE-2005-1226

Exploit
  • EPSS 0.86%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.

7.5

CVE-2005-1225

  • EPSS 0.5%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.

4.3

CVE-2005-1172

  • EPSS 0.35%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.

5

CVE-2004-1984

Exploit
  • EPSS 0.55%
  • Veröffentlicht 02.05.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.ph...