Vulnerabilities > Coppermine > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-01-31 | CVE-2008-0506 | Improper Input Validation vulnerability in Coppermine Photo Gallery | include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. | 6.8 |
2008-01-31 | CVE-2008-0505 | Cross-Site Scripting vulnerability in Coppermine Photo Gallery | Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. | 4.3 |
2007-11-07 | CVE-2007-5888 | Cross-Site Scripting vulnerability in Coppermine Photo Gallery | Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter. | 4.3 |
2007-09-19 | CVE-2007-4976 | Path Traversal vulnerability in Coppermine Photo Gallery | Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. | 6.5 |
2007-02-08 | CVE-2007-0836 | Remote And Local File Include vulnerability in Coppermine Photo Gallery | admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. | 4.0 |
2007-02-08 | CVE-2007-0835 | Unspecified vulnerability in Coppermine Photo Gallery | admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. | 6.5 |
2007-01-09 | CVE-2007-0122 | SQL Injection vulnerability in Coppermine Photo Gallery Albmgr.PHP | Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. | 6.5 |
2007-01-09 | CVE-2007-0115 | Remote Security vulnerability in Coppermine Photo Gallery | Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. | 6.0 |
2006-04-20 | CVE-2006-1909 | Local File Include vulnerability in Coppermine Photo Gallery 1.4.4 | Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. | 5.0 |
2006-02-24 | CVE-2006-0873 | File Include vulnerability in Coppermine Photo Gallery 1.4.3 | Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. | 5.0 |