
CVE-2006-4321 – Mambo Component CopperminePhotoGalery - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4321
24 Aug 2006 — PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. • https://www.exploit-db.com/exploits/2196 •

CVE-2006-3064
https://notcve.org/view.php?id=CVE-2006-3064
19 Jun 2006 — SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. • http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2006-2976
https://notcve.org/view.php?id=CVE-2006-2976
12 Jun 2006 — Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. • http://coppermine-gallery.net/forum/index.php?topic=32333.0 •

CVE-2006-2514
https://notcve.org/view.php?id=CVE-2006-2514
22 May 2006 — Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allow remote attackers to upload arbitrary files via a filename with multiple file extensions. • http://secunia.com/advisories/20211 •

CVE-2006-1909 – Coppermine 1.4.4 - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2006-1909
20 Apr 2006 — Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. • https://www.exploit-db.com/exploits/27669 •

CVE-2006-0872
https://notcve.org/view.php?id=CVE-2006-0872
24 Feb 2006 — Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter. • http://coppermine-gallery.net/forum/index.php?topic=28062.0 •

CVE-2006-0873
https://notcve.org/view.php?id=CVE-2006-0873
24 Feb 2006 — Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. • http://coppermine-gallery.net/forum/index.php?topic=28062.0 •

CVE-2005-3979
https://notcve.org/view.php?id=CVE-2005-3979
03 Dec 2005 — relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. • http://coppermine-gallery.net/forum/index.php?topic=24217.0 • CWE-287: Improper Authentication •

CVE-2005-2676
https://notcve.org/view.php?id=CVE-2005-2676
23 Aug 2005 — Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. • http://coppermine-gallery.net/forum/index.php?topic=20933.0 •

CVE-2005-1225
https://notcve.org/view.php?id=CVE-2005-1225
22 Apr 2005 — SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. • http://marc.info/?l=bugtraq&m=111402186304179&w=2 •