Coppermine Photo Gallery Security Vulnerabilities and Issues — Coppermine Photo Gallery CVE List

Lucene search

CoppermineCoppermine Photo Gallery

13 matches found

CVE•added 2006/08/24 1:4 a.m.•123 views

CVE-2006-4321

PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5CVSS8AI score0.14193EPSS

CVE•added 2005/05/10 4:0 a.m.•113 views

CVE-2004-1988

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.

7.5CVSS8AI score0.00081EPSS

CVE•added 2007/07/04 4:30 p.m.•54 views

CVE-2007-3558

SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.

7.5CVSS8.6AI score0.00659EPSS

CVE•added 2005/05/10 4:0 a.m.•49 views

CVE-2004-1987

picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.

7.5CVSS8.1AI score0.00283EPSS

CVE•added 2005/05/10 4:0 a.m.•48 views

CVE-2004-1989

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.

7.5CVSS8AI score0.00081EPSS

CVE•added 2007/02/26 5:28 p.m.•45 views

CVE-2007-1107

SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.

7.5CVSS7.9AI score0.02369EPSS

CVE•added 2006/05/22 10:2 p.m.•40 views

CVE-2006-2514

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.

7.5CVSS6.8AI score0.00741EPSS

CVE•added 2006/06/19 10:2 a.m.•38 views

CVE-2006-3064

SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.

7.5CVSS8.8AI score0.00603EPSS

CVE•added 2007/08/09 9:17 p.m.•38 views

CVE-2007-4283

PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.

7.5CVSS7.5AI score0.04399EPSS

CVE•added 2005/05/02 4:0 a.m.•37 views

CVE-2005-1226

Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.

7.5CVSS6.5AI score0.00861EPSS

CVE•added 2006/06/12 10:2 p.m.•34 views

CVE-2006-2976

Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.

7.5CVSS7.1AI score0.00737EPSS

CVE•added 2006/10/31 8:7 p.m.•33 views

CVE-2006-5622

SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.

7.5CVSS8.8AI score0.00944EPSS

CVE•added 2005/05/02 4:0 a.m.•32 views

CVE-2005-1225

SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.

7.5CVSS8.4AI score0.00502EPSS