CVSS: 6.1EPSS: 1%CPEs: 7EXPL: 2CVE-2007-4977 – Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4977
19 Sep 2007 — Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mode.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro referer. • https://www.exploit-db.com/exploits/30594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2007-4283 – Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4283
09 Aug 2007 — PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en bridge/yabbse.inc.php de Coppermine Photo Gallery (CPG) 1.3.1 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro sourcedir. • https://www.exploit-db.com/exploits/30463 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3558 – Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3558
04 Jul 2007 — SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. Vulnerabilidad de inyección SQL en Coppermine Photo Gallery (CPG) anterior a 1.4.11 permite a atacantes remotos ejecutar comandos SQL de su elección mediante una cookie de contraseña de álbum para un componente no especificado. • https://www.exploit-db.com/exploits/3085 •
CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 3CVE-2007-1107 – Coppermine Photo Gallery 1.3.x - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2007-1107
26 Feb 2007 — SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. Vulnerabilidad de inyección SQL en thumbnails.php en Coppermine Photo Gallery (CPG) 1.3.x permite a usuarios autenticados remotos ejecutar comandos SQL de su elección mediante una cookie cpg131_fav. • https://www.exploit-db.com/exploits/3371 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0835
https://notcve.org/view.php?id=CVE-2007-0835
08 Feb 2007 — admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. admin.php en Coppermine Photo Gallery 1.4.10 y, posiblemente en versiones anteriores, permite a usuario... • http://osvdb.org/33093 •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 1CVE-2007-0836 – Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusions
https://notcve.org/view.php?id=CVE-2007-0836
08 Feb 2007 — admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. admin.php en Coppermine Photo Gallery 1.4.10 y, posiblemente en versiones anteriores, permite a usuarios remotos autenticados incluir ficheros lo... • https://www.exploit-db.com/exploits/29568 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2007-0115
https://notcve.org/view.php?id=CVE-2007-0115
09 Jan 2007 — Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. Vulnerabilidad de inyección de código estático en coppermine Photo Gallery 1.4.10 y anteriores permite a administradores autenticados remotamente ejecutar código PHP de su elección a través del Nombre de Usuario para l... • http://acid-root.new.fr/poc/19070104.txt •
CVSS: 7.2EPSS: 1%CPEs: 15EXPL: 3CVE-2007-0122 – Coppermine Photo Gallery 1.4.11 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-0122
09 Jan 2007 — Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. Múltiples vulnerabilidades de inyección SQL en Coppermine Photo Gallery 1.4.10 y anteriores permiten a... • https://www.exploit-db.com/exploits/29397 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6123
https://notcve.org/view.php?id=CVE-2006-6123
26 Nov 2006 — Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. Coppermine Photo Gallery (CPG) 1.4.8 estable, con register_globals activado, permiet a un atacante remoto evitar la protección X... • http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2006-5622 – Coppermine Photo Gallery 1.4.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-5622
31 Oct 2006 — SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. Vulnerabilidad de inyección SQL en picmgr.php en Coppermine Photo Gallery 1.4.9 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro aid. • https://www.exploit-db.com/exploits/2660 •