Vulnerabilities > Coppermine > Coppermine Photo Gallery > 1.4.9

DATE CVE VULNERABILITY TITLE RISK
2007-09-19 CVE-2007-4977 Cross-Site Scripting vulnerability in Coppermine Photo Gallery
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
network
coppermine CWE-79
3.5
3.5
2007-09-19 CVE-2007-4976 Path Traversal vulnerability in Coppermine Photo Gallery
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a ..
network
low complexity
coppermine CWE-22
6.5
6.5
2007-01-09 CVE-2007-0122 SQL Injection vulnerability in Coppermine Photo Gallery Albmgr.PHP
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
network
low complexity
coppermine
6.5
6.5
2006-10-31 CVE-2006-5622 SQL Injection vulnerability in Coppermine Photo Gallery 1.4.9
SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.
network
low complexity
coppermine
7.5
7.5