Vulnerabilities > Coppermine Gallery > Coppermine Photo Gallery

DATE CVE VULNERABILITY TITLE RISK
2019-05-07 CVE-2018-14478 Cross-site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.5.46
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
network
low complexity
coppermine-gallery CWE-79
6.1
2018-03-16 CVE-2014-4612 Cross-site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
coppermine-gallery CWE-79
6.1
2015-08-20 CVE-2015-6528 Cross-site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.5.36
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
4.3
2011-09-23 CVE-2011-3722 Information Exposure vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.5.12
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
network
low complexity
coppermine-gallery CWE-200
5.0
2011-01-11 CVE-2010-4693 Cross-Site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
4.3
2009-09-09 CVE-2008-7187 Information Exposure vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4.14
Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
network
low complexity
coppermine-gallery CWE-200
5.0
2009-09-09 CVE-2008-7186 Permissions, Privileges, and Access Controls vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4.14
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request.
network
low complexity
coppermine-gallery CWE-264
5.0
2008-08-06 CVE-2008-3486 Path Traversal vulnerability in Coppermine-Gallery Coppermine Photo Gallery
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
coppermine-gallery CWE-22
7.5
2008-08-05 CVE-2008-3481 Code Injection vulnerability in Coppermine-Gallery Coppermine Photo Gallery
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
network
low complexity
coppermine-gallery CWE-94
7.5
2008-01-31 CVE-2008-0504 SQL Injection vulnerability in Coppermine-Gallery Coppermine Photo Gallery
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
network
low complexity
coppermine-gallery CWE-89
6.5