Coppermine-gallery

Coppermine Photo Gallery

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2011-2476

  • EPSS 0.29%
  • Veröffentlicht 14.06.2011 17:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.

4.3

CVE-2010-4667

  • EPSS 0.25%
  • Veröffentlicht 14.06.2011 17:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2010-4693

Exploit
  • EPSS 0.37%
  • Veröffentlicht 11.01.2011 03:00:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew...

5

CVE-2008-7187

Exploit
  • EPSS 0.32%
  • Veröffentlicht 09.09.2009 17:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.

5

CVE-2008-7186

Exploit
  • EPSS 0.32%
  • Veröffentlicht 09.09.2009 17:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-...

7.5

CVE-2008-3486

  • EPSS 3.89%
  • Veröffentlicht 06.08.2008 17:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via ...

7.5

CVE-2008-3481

  • EPSS 3.58%
  • Veröffentlicht 05.08.2008 19:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

6.5

CVE-2008-0504

  • EPSS 0.67%
  • Veröffentlicht 31.01.2008 20:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_...

5

CVE-2005-3979

  • EPSS 0.6%
  • Veröffentlicht 03.12.2005 19:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct re...