
CVSS: 7.5 | EPSS: 1% | CPEs: 31 | EXPL: 1

05 Aug 2008 — themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. • https://www.exploit-db.com/exploits/6178 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 16 | EXPL: 0

16 Apr 2008 — SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload. • http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 28 | EXPL: 1

31 Jan 2008 — Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. • https://www.exploit-db.com/exploits/4950 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

31 Jan 2008 — Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. • http://coppermine-gallery.net/forum/index.php?topic=50103.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 88% | CPEs: 1 | EXPL: 3

31 Jan 2008 — include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. • https://www.exploit-db.com/exploits/16909 • CWE-20: Improper Input Validation

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Nov 2007 — Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter. • http://coppermine-gallery.net/forum/index.php?topic=48106.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

04 Jul 2007 — SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. • https://www.exploit-db.com/exploits/3085

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

08 Feb 2007 — admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/33093

CVSS: 6.5 | EPSS: 2% | CPEs: 1 | EXPL: 1

08 Feb 2007 — admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/29568

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 2

09 Jan 2007 — Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. • http://acid-root.new.fr/poc/19070104.txt