Vulnerabilities > Coppermine > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-09 | CVE-2007-4283 | Remote File Include vulnerability in Coppermine Photo Gallery 1.3.1 PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. | 7.5 |
| 2007-07-04 | CVE-2007-3558 | SQL Injection vulnerability in Coppermine Photo Gallery Album Password Cookie SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | 7.5 |
| 2007-02-26 | CVE-2007-1107 | SQL Injection vulnerability in Coppermine Photo Gallery ThumbNails.PHP SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. | 7.5 |
| 2006-10-31 | CVE-2006-5622 | SQL Injection vulnerability in Coppermine Photo Gallery 1.4.9 SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. | 7.5 |
| 2006-08-24 | CVE-2006-4321 | Remote File Include vulnerability in Coppermine Photo Gallery 1.0 PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
| 2006-06-19 | CVE-2006-3064 | SQL Injection vulnerability in Coppermine Photo Gallery 1.4.8 SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | 7.5 |
| 2006-06-12 | CVE-2006-2976 | Remote Security vulnerability in Coppermine Photo Gallery Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. | 7.5 |
| 2006-05-22 | CVE-2006-2514 | File-Upload vulnerability in Coppermine Photo Gallery Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | 7.5 |
| 2005-05-02 | CVE-2005-1226 | Information Disclosure vulnerability in Coppermine Photo Gallery 1.3.2 Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2005-05-02 | CVE-2005-1225 | SQL-Injection vulnerability in Coppermine Photo Gallery 1.3.2 SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | 7.5 |