IDCVSSSummaryLast (major) updatePublished
CVE-2006-2514 7.5
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. Product is vulnerable when running on Apache with mod_mime installed.
20-07-2017 - 01:31 22-05-2006 - 22:02
CVE-2007-0115 6.0
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, wh
16-10-2018 - 16:31 09-01-2007 - 02:28
CVE-2007-0122 6.5
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.p
16-10-2018 - 16:31 09-01-2007 - 02:28
CVE-2007-0835 6.5
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as
29-07-2017 - 01:30 08-02-2007 - 00:28
CVE-2007-0836 4.0
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields
29-07-2017 - 01:30 08-02-2007 - 00:28
CVE-2007-1414 10.0
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter
16-10-2018 - 16:38 12-03-2007 - 23:19
CVE-2007-3558 7.5
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
05-09-2008 - 21:26 04-07-2007 - 16:30
CVE-2007-5888 4.3
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
29-07-2017 - 01:33 07-11-2007 - 21:46
CVE-2008-0505 4.3
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
15-10-2018 - 22:00 31-01-2008 - 20:00
CVE-2008-0506 6.8
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angl
15-10-2018 - 22:00 31-01-2008 - 20:00
CVE-2008-1840 6.5
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided
08-08-2017 - 01:30 16-04-2008 - 17:05
CVE-2006-4321 7.5
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
19-10-2017 - 01:29 24-08-2006 - 01:04
CVE-2004-1984 5.0
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.ph
11-07-2017 - 01:31 02-05-2004 - 04:00
CVE-2004-1985 4.3
Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.
11-07-2017 - 01:31 30-04-2004 - 04:00
CVE-2004-1986 5.0
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.
11-07-2017 - 01:31 04-04-2004 - 05:00
CVE-2004-1987 7.5
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.
11-07-2017 - 01:31 30-04-2004 - 04:00
CVE-2004-1988 7.5
PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.
11-07-2017 - 01:31 30-04-2004 - 04:00
CVE-2004-1989 7.5
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_
11-07-2017 - 01:31 30-04-2004 - 04:00
CVE-2005-1172 4.3
Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.
18-10-2016 - 03:17 02-05-2005 - 04:00
CVE-2005-2676 4.3
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.
05-09-2008 - 20:52 23-08-2005 - 04:00
CVE-2008-1841 6.8
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the sessi
08-08-2017 - 01:30 16-04-2008 - 17:05
CVE-2007-4283 7.5
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
15-10-2018 - 21:34 09-08-2007 - 21:17
CVE-2005-1225 7.5
SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.
11-07-2017 - 01:32 02-05-2005 - 04:00
CVE-2005-1226 7.5
Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.
11-07-2017 - 01:32 02-05-2005 - 04:00
CVE-2007-1107 7.5
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versi
16-10-2018 - 16:36 26-02-2007 - 17:28
CVE-2007-4976 6.5
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
15-10-2018 - 21:39 19-09-2007 - 18:17
CVE-2007-4977 3.5
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
15-10-2018 - 21:39 19-09-2007 - 18:17
CVE-2009-1616 4.3
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
12-05-2009 - 04:00 11-05-2009 - 20:30
CVE-2006-2976 7.5
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.
20-07-2017 - 01:31 12-06-2006 - 22:02
CVE-2006-0872 5.0
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.
20-07-2017 - 01:30 24-02-2006 - 11:02
CVE-2006-0873 5.0
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
20-07-2017 - 01:30 24-02-2006 - 11:02
CVE-2006-1909 5.0
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "
20-07-2017 - 01:31 20-04-2006 - 18:06
CVE-2006-3064 7.5
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and
18-10-2018 - 16:45 19-06-2006 - 10:02
CVE-2006-6123 2.6
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _R
29-07-2017 - 01:29 26-11-2006 - 23:07
CVE-2006-5622 7.5
SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. This vulnerability is addressed in the following product release: Coppermine, Photo Gallery,
19-10-2017 - 01:29 31-10-2006 - 20:07
Back to Top Mark selected
Back to Top