Coppermine Photo Gallery@1.4.14 Security Vulnerabilities and Issues — Coppermine Photo Gallery@1.4.14 CVE List

Lucene search

Coppermine-galleryCoppermine Photo Gallery1.4.14

9 matches found

CVE•added 2008/08/06 5:41 p.m.•45 views

CVE-2008-3486

Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized dat...

7.5CVSS7.1AI score0.02408EPSS

CVE•added 2012/09/04 8:55 p.m.•45 views

CVE-2012-1613

Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.

3.5CVSS5.3AI score0.01711EPSS

CVE•added 2009/09/09 5:30 p.m.•40 views

CVE-2008-7186

Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.

5CVSS6.1AI score0.00672EPSS

CVE•added 2012/09/04 8:55 p.m.•37 views

CVE-2012-1614

Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (...

5CVSS6.2AI score0.19004EPSS

CVE•added 2009/09/09 5:30 p.m.•34 views

CVE-2008-7187

Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.

5CVSS6.3AI score0.00319EPSS

CVE•added 2011/01/11 3:0 a.m.•32 views

CVE-2010-4693

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.

4.3CVSS5.9AI score0.00374EPSS

CVE•added 2011/06/14 5:55 p.m.•31 views

CVE-2010-4667

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00249EPSS

CVE•added 2008/08/05 7:41 p.m.•29 views

CVE-2008-3481

themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

7.5CVSS6.1AI score0.01409EPSS

CVE•added 2011/06/14 5:55 p.m.•28 views

CVE-2011-2476

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.

4.3CVSS5.8AI score0.00287EPSS