CVE-2008-0504 – Coppermine Photo Gallery 1.4.10 - 'cpg1410_xek.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0504
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. Múltiples vulnerabilidades de inyección SQL en Coppermine Photo Gallery (CPG) en versiones anteriores a la 1.4.15 permiten que administradores remotos autenticados ejecuten comandos SQL arbitrarios mediante los parámetros (1) albumid, (2) startpic y (3) numpics en util.php; y el parámetro (4) cid_array en reviewcom.php. • https://www.exploit-db.com/exploits/4950 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securityfocus.com/bid/27509 http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-0505
https://notcve.org/view.php?id=CVE-2008-0505
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo docs/showdoc.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) h y (2) t. • http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securityfocus.com/bid/27511 http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0506 – Coppermine Photo Gallery 1.4.14 - 'picEditor.php' Command Execution
https://notcve.org/view.php?id=CVE-2008-0506
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. El archivo include/imageObjectIM.class.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, cuando el método de procesamiento de imágenes de ImageMagick es configurado, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el parámetro (1) quality, (2) angle o (3) clipval en el archivo picEditor.php. • https://www.exploit-db.com/exploits/16909 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487310/100/200/threaded http://www.securityfocus.com/bid/27512 http://www.securitytracker.com/id?1019286 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-65.html https://www.exploit-db.com/exploits/5019 • CWE-20: Improper Input Validation •
CVE-2006-2976
https://notcve.org/view.php?id=CVE-2006-2976
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. • http://coppermine-gallery.net/forum/index.php?topic=32333.0 http://secunia.com/advisories/20465 http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658 http://www.vupen.com/english/advisories/2006/2185 https://exchange.xforce.ibmcloud.com/vulnerabilities/26983 •
CVE-2006-2514
https://notcve.org/view.php?id=CVE-2006-2514
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. • http://secunia.com/advisories/20211 http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266 http://www.vupen.com/english/advisories/2006/1892 https://exchange.xforce.ibmcloud.com/vulnerabilities/26588 •