Coppermine

Coppermine Photo Gallery

35 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2009-1616

Exploit
  • EPSS 0.84%
  • Published 11.05.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.

6.8

CVE-2008-1841

  • EPSS 0.57%
  • Published 16.04.2008 17:05:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the sessi...

6.5

CVE-2008-1840

  • EPSS 0.52%
  • Published 16.04.2008 17:05:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided...

6.8

CVE-2008-0506

Exploit
  • EPSS 88.39%
  • Published 31.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angl...

4.3

CVE-2008-0505

  • EPSS 0.52%
  • Published 31.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.

4.3

CVE-2007-5888

  • EPSS 0.33%
  • Published 07.11.2007 21:46:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.

3.5

CVE-2007-4977

Exploit
  • EPSS 0.84%
  • Published 19.09.2007 18:17:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.

6.5

CVE-2007-4976

  • EPSS 15.84%
  • Published 19.09.2007 18:17:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.

7.5

CVE-2007-4283

  • EPSS 4.4%
  • Published 09.08.2007 21:17:00
  • Last modified 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.

7.5

CVE-2007-3558

  • EPSS 0.66%
  • Published 04.07.2007 16:30:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.