Vulnerabilities > Coppermine Gallery

DATE CVE VULNERABILITY TITLE RISK
2020-02-05 CVE-2010-4815 Improper Input Validation vulnerability in Coppermine-Gallery Coppermine Gallery
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.
network
low complexity
coppermine-gallery CWE-20
7.5
2019-05-07 CVE-2018-14478 Cross-site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.5.46
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
4.3
2018-03-16 CVE-2014-4612 Cross-site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2015-08-20 CVE-2015-6528 Cross-site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.5.36
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
4.3
2015-06-10 CVE-2015-3923 Information Exposure vulnerability in Coppermine-Gallery Coppermine Photo Gallery
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
network
low complexity
coppermine-gallery CWE-200
5.0
2015-05-27 CVE-2015-3922 Open Redirection vulnerability in Coppermine Photo Gallery
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
5.8
2015-05-27 CVE-2015-3921 Cross-site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
3.5
2012-09-04 CVE-2012-1614 Information Exposure vulnerability in Coppermine-Gallery Coppermine Photo Gallery
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
network
low complexity
coppermine-gallery CWE-200
5.0
2012-09-04 CVE-2012-1613 Cross-Site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
3.5
2011-09-23 CVE-2011-3722 Information Exposure vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.5.12
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
network
low complexity
coppermine-gallery CWE-200
5.0