Coppermine-gallery

Coppermine Photo Gallery

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-53868

Exploit
  • EPSS 0.49%
  • Veröffentlicht 15.12.2025 20:22:36
  • Zuletzt bearbeitet 18.12.2025 22:35:06

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory...

6.1

CVE-2018-14478

Exploit
  • EPSS 0.21%
  • Veröffentlicht 07.05.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:10

ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.

6.1

CVE-2014-4612

  • EPSS 0.54%
  • Veröffentlicht 16.03.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 02:10:34

Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2015-6528

Exploit
  • EPSS 0.21%
  • Veröffentlicht 20.08.2015 20:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbs...

5

CVE-2015-3923

Exploit
  • EPSS 0.42%
  • Veröffentlicht 10.06.2015 18:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.

5.8

CVE-2015-3922

  • EPSS 0.3%
  • Veröffentlicht 27.05.2015 18:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.

3.5

CVE-2015-3921

  • EPSS 0.16%
  • Veröffentlicht 27.05.2015 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.

5

CVE-2012-1614

Exploit
  • EPSS 14.12%
  • Veröffentlicht 04.09.2012 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter ...

3.5

CVE-2012-1613

Exploit
  • EPSS 1.9%
  • Veröffentlicht 04.09.2012 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.

5

CVE-2011-3722

Exploit
  • EPSS 0.35%
  • Veröffentlicht 23.09.2011 23:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files...