Vulnerabilities > Coppermine > Coppermine Photo Gallery > High

DATE CVE VULNERABILITY TITLE RISK
2007-08-09 CVE-2007-4283 Remote File Include vulnerability in Coppermine Photo Gallery 1.3.1
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
network
low complexity
coppermine
7.5
2007-07-04 CVE-2007-3558 SQL Injection vulnerability in Coppermine Photo Gallery Album Password Cookie
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
network
low complexity
coppermine
7.5
2007-02-26 CVE-2007-1107 SQL Injection vulnerability in Coppermine Photo Gallery ThumbNails.PHP
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.
network
low complexity
coppermine
7.5
2006-10-31 CVE-2006-5622 SQL Injection vulnerability in Coppermine Photo Gallery 1.4.9
SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.
network
low complexity
coppermine
7.5
2006-08-24 CVE-2006-4321 Remote File Include vulnerability in Coppermine Photo Gallery 1.0
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
low complexity
coppermine
7.5
2006-06-19 CVE-2006-3064 SQL Injection vulnerability in Coppermine Photo Gallery 1.4.8
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.
network
low complexity
coppermine CWE-89
7.5
2006-06-12 CVE-2006-2976 Remote Security vulnerability in Coppermine Photo Gallery
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.
network
low complexity
coppermine
7.5
2006-05-22 CVE-2006-2514 File-Upload vulnerability in Coppermine Photo Gallery
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
network
low complexity
coppermine
7.5
2005-05-02 CVE-2005-1226 Information Disclosure vulnerability in Coppermine Photo Gallery 1.3.2
Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.
network
low complexity
coppermine
7.5
2005-05-02 CVE-2005-1225 SQL-Injection vulnerability in Coppermine Photo Gallery 1.3.2
SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.
network
low complexity
coppermine
7.5