Coppermine Photo Gallery@* Security Vulnerabilities and Issues — Coppermine Photo Gallery@* CVE List

Lucene search

Coppermine-galleryCoppermine Photo Gallery*

12 matches found

CVE•added 2008/08/06 5:41 p.m.•45 views

CVE-2008-3486

Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized dat...

7.5CVSS7.1AI score0.02408EPSS

CVE•added 2012/09/04 8:55 p.m.•45 views

CVE-2012-1613

Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.

3.5CVSS5.3AI score0.01711EPSS

CVE•added 2015/06/10 6:59 p.m.•39 views

CVE-2015-3923

Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.

5CVSS6.8AI score0.00417EPSS

CVE•added 2012/09/04 8:55 p.m.•37 views

CVE-2012-1614

Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (...

5CVSS6.2AI score0.19004EPSS

CVE•added 2008/01/31 8:0 p.m.•36 views

CVE-2008-0504

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

6.5CVSS8AI score0.00672EPSS

CVE•added 2015/05/27 6:59 p.m.•36 views

CVE-2015-3921

Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.

3.5CVSS5.4AI score0.00157EPSS

CVE•added 2011/01/11 3:0 a.m.•32 views

CVE-2010-4693

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.

4.3CVSS5.9AI score0.00374EPSS

CVE•added 2015/05/27 6:59 p.m.•32 views

CVE-2015-3922

Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.

5.8CVSS6.9AI score0.00303EPSS

CVE•added 2011/06/14 5:55 p.m.•31 views

CVE-2010-4667

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00249EPSS

CVE•added 2018/03/16 5:29 p.m.•30 views

CVE-2014-4612

Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS6AI score0.0054EPSS

CVE•added 2008/08/05 7:41 p.m.•29 views

CVE-2008-3481

themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

7.5CVSS6.1AI score0.01409EPSS

CVE•added 2011/06/14 5:55 p.m.•28 views

CVE-2011-2476

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.

4.3CVSS5.8AI score0.00287EPSS