Coppermine Photo Gallery@1.1 beta 2 Security Vulnerabilities and Issues — Coppermine Photo Gallery@1.1 beta 2 CVE List

Lucene search

CoppermineCoppermine Photo Gallery1.1 beta 2

10 matches found

CVE•added 2005/05/10 4:0 a.m.•113 views

CVE-2004-1988

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.

7.5CVSS8AI score0.00081EPSS

CVE•added 2005/05/10 4:0 a.m.•49 views

CVE-2004-1987

picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.

7.5CVSS8.1AI score0.00283EPSS

CVE•added 2005/05/10 4:0 a.m.•48 views

CVE-2004-1989

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.

7.5CVSS8AI score0.00081EPSS

CVE•added 2005/05/10 4:0 a.m.•41 views

CVE-2004-1984

Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error mess...

5CVSS6.6AI score0.0055EPSS

CVE•added 2005/05/02 4:0 a.m.•41 views

CVE-2005-1172

Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.

4.3CVSS5.6AI score0.00346EPSS

CVE•added 2005/05/10 4:0 a.m.•40 views

CVE-2004-1985

Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.

4.3CVSS6AI score0.00164EPSS

CVE•added 2006/05/22 10:2 p.m.•40 views

CVE-2006-2514

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.

7.5CVSS6.8AI score0.00741EPSS

CVE•added 2005/08/23 4:0 a.m.•39 views

CVE-2005-2676

Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.

4.3CVSS5.7AI score0.00346EPSS

CVE•added 2007/01/09 2:28 a.m.•39 views

CVE-2007-0122

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and ...

6.5CVSS8.2AI score0.01631EPSS

CVE•added 2005/05/10 4:0 a.m.•37 views

CVE-2004-1986

Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.

5CVSS7.1AI score0.00111EPSS