Coppermine Photo Gallery Security Vulnerabilities and Issues — Coppermine Photo Gallery CVE List

Lucene search

CoppermineCoppermine Photo Gallery

9 matches found

CVE•added 2006/08/24 1:4 a.m.•123 views

CVE-2006-4321

PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5CVSS8AI score0.14193EPSS

CVE•added 2006/02/24 11:2 a.m.•53 views

CVE-2006-0873

Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.

5CVSS6.8AI score0.00806EPSS

CVE•added 2006/05/22 10:2 p.m.•40 views

CVE-2006-2514

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.

7.5CVSS6.8AI score0.00741EPSS

CVE•added 2006/04/20 6:6 p.m.•38 views

CVE-2006-1909

Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.

5CVSS6.5AI score0.05202EPSS

CVE•added 2006/06/19 10:2 a.m.•38 views

CVE-2006-3064

SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.

7.5CVSS8.8AI score0.00603EPSS

CVE•added 2006/06/12 10:2 p.m.•34 views

CVE-2006-2976

Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.

7.5CVSS7.1AI score0.00737EPSS

CVE•added 2006/10/31 8:7 p.m.•33 views

CVE-2006-5622

SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.

7.5CVSS8.8AI score0.00944EPSS

CVE•added 2006/11/26 11:7 p.m.•32 views

CVE-2006-6123

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are u...

2.6CVSS6.5AI score0.01609EPSS

CVE•added 2006/02/24 11:2 a.m.•28 views

CVE-2006-0872

Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.

5CVSS6.6AI score0.02538EPSS