CVE-2008-0504 – Coppermine Photo Gallery 1.4.10 - 'cpg1410_xek.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0504
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. Múltiples vulnerabilidades de inyección SQL en Coppermine Photo Gallery (CPG) en versiones anteriores a la 1.4.15 permiten que administradores remotos autenticados ejecuten comandos SQL arbitrarios mediante los parámetros (1) albumid, (2) startpic y (3) numpics en util.php; y el parámetro (4) cid_array en reviewcom.php. • https://www.exploit-db.com/exploits/4950 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securityfocus.com/bid/27509 http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-0505
https://notcve.org/view.php?id=CVE-2008-0505
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo docs/showdoc.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) h y (2) t. • http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securityfocus.com/bid/27511 http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0506 – Coppermine Photo Gallery 1.4.14 - 'picEditor.php' Command Execution
https://notcve.org/view.php?id=CVE-2008-0506
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. El archivo include/imageObjectIM.class.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, cuando el método de procesamiento de imágenes de ImageMagick es configurado, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el parámetro (1) quality, (2) angle o (3) clipval en el archivo picEditor.php. • https://www.exploit-db.com/exploits/16909 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487310/100/200/threaded http://www.securityfocus.com/bid/27512 http://www.securitytracker.com/id?1019286 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-65.html https://www.exploit-db.com/exploits/5019 • CWE-20: Improper Input Validation •
CVE-2007-5888
https://notcve.org/view.php?id=CVE-2007-5888
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en displayecard.php de Coppermine Photo Gallery (CPG) anterior a 1.4.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro data. • http://coppermine-gallery.net/forum/index.php?topic=48106.0 http://osvdb.org/38420 http://secunia.com/advisories/27534 http://www.securityfocus.com/bid/26357 https://exchange.xforce.ibmcloud.com/vulnerabilities/38290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4976 – Coppermine Photo Gallery 1.4.12 - 'log' Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-4976
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter. Vulnerabilidad de salto de directorio en viewlog.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a administradores remotos autenticados incluir y ejecutar ficheros locales mediante secuencias .. (punto punto) en el parámetro log. • https://www.exploit-db.com/exploits/30595 http://coppermine-gallery.net/forum/index.php?topic=46847.0 http://osvdb.org/37101 http://secunia.com/advisories/26843 http://securityreason.com/securityalert/3152 http://www.securityfocus.com/archive/1/479757/100/0/threaded http://www.securityfocus.com/bid/25698 http://www.securitytracker.com/id?1018704 http://www.vupen.com/english/advisories/2007/3194 https://exchange.xforce.ibmcloud.com/vulnerabilities/36660 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •