CVSS: 6.1EPSS: 0%CPEs: 58EXPL: 0CVE-2011-2476
https://notcve.org/view.php?id=CVE-2011-2476
14 Jun 2011 — Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.5.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente de CVE-2010-4667 • http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 49EXPL: 0CVE-2010-4667
https://notcve.org/view.php?id=CVE-2010-4667
14 Jun 2011 — Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.4.27 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=347287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 57EXPL: 5CVE-2010-4693 – Coppermine Photo Gallery 1.5.10 - 'help.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4693
11 Jan 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. Múltiples vulnerabilidades de de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery 1.5.10 y versiones anteriores. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de los parámetros (... • https://www.exploit-db.com/exploits/35156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-7186
https://notcve.org/view.php?id=CVE-2008-7186
09 Sep 2009 — Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504. Coppermine Photo Gallery (CPG) v1.4.14 no restringe el acceso a update.php, lo que permite a atacantes remotos obtener información sensible como el prefijo de la tabla de la base de datos a través de una petición directa. NOTA: esto podría ser aprovec... • http://www.securityfocus.com/archive/1/487351/100/200/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-7187
https://notcve.org/view.php?id=CVE-2008-7187
09 Sep 2009 — Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message. Coppermine Photo Gallery (CPG) v1.4.14, permite a atacantes remoto obtener información sensible a través de una petición directa a include/slideshow.inc.php, filtrando el directorio de instalación en un mensaje de error. • http://www.securityfocus.com/archive/1/487351/100/200/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2009-1616 – Coppermine Photo Gallery 1.4.21 - 'css' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1616
11 May 2009 — Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el fichero docs/showdoc.php de Coppermine Photo Gallery (CPG), antes de la versión 1.4.22 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro css. Se tra... • https://www.exploit-db.com/exploits/32963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 31EXPL: 1CVE-2008-3486 – Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-3486
06 Aug 2008 — Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. Vulnerabilidad de salto de directorio en la función user_get_profile de include/functions.inc.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores, cuando el conjunto de caract... • https://www.exploit-db.com/exploits/6178 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 31EXPL: 1CVE-2008-3481 – Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-3481
05 Aug 2008 — themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. themes/sample/theme.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores que permite a los atacantes remotos obtener información sensible a través de peticiones directas, que revelan la ruta de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/6178 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1840
https://notcve.org/view.php?id=CVE-2008-1840
16 Apr 2008 — SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload. Vulnerabilidad de inyección SQL en upload.php de Coppermine Photo Gallery (CPG) 1.4.16 y anteriores; permite a usuarios autenticados en remoto o a servidores HTTP asistidos por el usuario, ejecutar comandos SQL de ... • http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2008-1841
https://notcve.org/view.php?id=CVE-2008-1841
16 Apr 2008 — SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable. Vulnerabilidad de inyección SQL en la funcionalidad de manejo de sesión en bridge/coppermine.inc.php... • http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380&r2=4381 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •