Vulnerabilities > Coppermine
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-31 | CVE-2008-0506 | Improper Input Validation vulnerability in Coppermine Photo Gallery include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. | 6.8 |
2008-01-31 | CVE-2008-0505 | Cross-Site Scripting vulnerability in Coppermine Photo Gallery Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. | 4.3 |
2007-11-07 | CVE-2007-5888 | Cross-Site Scripting vulnerability in Coppermine Photo Gallery Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter. | 4.3 |
2007-09-19 | CVE-2007-4977 | Cross-Site Scripting vulnerability in Coppermine Photo Gallery Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. | 3.5 |
2007-09-19 | CVE-2007-4976 | Path Traversal vulnerability in Coppermine Photo Gallery Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. | 6.5 |
2007-08-09 | CVE-2007-4283 | Remote File Include vulnerability in Coppermine Photo Gallery 1.3.1 PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. | 7.5 |
2007-07-04 | CVE-2007-3558 | SQL Injection vulnerability in Coppermine Photo Gallery Album Password Cookie SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | 7.5 |
2007-03-12 | CVE-2007-1414 | Remote File Include vulnerability in Retired: Coppermine Photo Gallery Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php. | 10.0 |
2007-02-26 | CVE-2007-1107 | SQL Injection vulnerability in Coppermine Photo Gallery ThumbNails.PHP SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. | 7.5 |
2007-02-08 | CVE-2007-0836 | Remote And Local File Include vulnerability in Coppermine Photo Gallery admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. | 4.0 |