CVE-2008-3481 – Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-3481
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. themes/sample/theme.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores que permite a los atacantes remotos obtener información sensible a través de peticiones directas, que revelan la ruta de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/6178 http://securityreason.com/securityalert/4108 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-0504 – Coppermine Photo Gallery 1.4.10 - 'cpg1410_xek.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0504
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. Múltiples vulnerabilidades de inyección SQL en Coppermine Photo Gallery (CPG) en versiones anteriores a la 1.4.15 permiten que administradores remotos autenticados ejecuten comandos SQL arbitrarios mediante los parámetros (1) albumid, (2) startpic y (3) numpics en util.php; y el parámetro (4) cid_array en reviewcom.php. • https://www.exploit-db.com/exploits/4950 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securityfocus.com/bid/27509 http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2005-3979
https://notcve.org/view.php?id=CVE-2005-3979
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. relocate_server.php en Coppermine Photo Gallery (CPG) 1.4.2 y 1.4 beta no se elimina después de la instalación y no usa autenticación, lo que permite a atacantes remotos obtener información sensible, como la configuración de la base de datos, a través de una petición directa. • http://coppermine-gallery.net/forum/index.php?topic=24217.0 http://secunia.com/advisories/17855 http://www.vupen.com/english/advisories/2005/2698 • CWE-287: Improper Authentication •