Page 4 of 49 results (0.008 seconds)

CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0

SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable. Vulnerabilidad de inyección SQL en la funcionalidad de manejo de sesión en bridge/coppermine.inc.php de Coppermine Photo Gallery (CPG) 1.4.17 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través de un campo de entrada asociado con la variable session_id, tal y como se realiza en exploits públicos desde Abril del 2008. NOTA: el parche para CVE-2008-1840 tenía el propósito de abordar esta vulnerabilidad, pero es actualmente inaplicable. • http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380&r2=4381 http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html http://secunia.com/advisories/29741 http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069 http://www.securityfocus.com/bid/28767 https://exchange.xforce.ibmcloud.com/vulnerabilities/41788 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 1

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. Múltiples vulnerabilidades de inyección SQL en Coppermine Photo Gallery (CPG) en versiones anteriores a la 1.4.15 permiten que administradores remotos autenticados ejecuten comandos SQL arbitrarios mediante los parámetros (1) albumid, (2) startpic y (3) numpics en util.php; y el parámetro (4) cid_array en reviewcom.php. • https://www.exploit-db.com/exploits/4950 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securityfocus.com/bid/27509 http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo docs/showdoc.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) h y (2) t. • http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securityfocus.com/bid/27511 http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 96%CPEs: 1EXPL: 3

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. El archivo include/imageObjectIM.class.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, cuando el método de procesamiento de imágenes de ImageMagick es configurado, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el parámetro (1) quality, (2) angle o (3) clipval en el archivo picEditor.php. • https://www.exploit-db.com/exploits/16909 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487310/100/200/threaded http://www.securityfocus.com/bid/27512 http://www.securitytracker.com/id?1019286 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-65.html https://www.exploit-db.com/exploits/5019 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en displayecard.php de Coppermine Photo Gallery (CPG) anterior a 1.4.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro data. • http://coppermine-gallery.net/forum/index.php?topic=48106.0 http://osvdb.org/38420 http://secunia.com/advisories/27534 http://www.securityfocus.com/bid/26357 https://exchange.xforce.ibmcloud.com/vulnerabilities/38290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •