Page 5 of 31 results (0.005 seconds)

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 2

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. Vulnerabilidad de inyección de código estático en coppermine Photo Gallery 1.4.10 y anteriores permite a administradores autenticados remotamente ejecutar código PHP de su elección a través del Nombre de Usuario para login.php, el cual es inyectado dentro de un mensaje de error en security.log.php, que puede ser accedido utilizando viewlog.php. • http://acid-root.new.fr/poc/19070104.txt http://osvdb.org/33383 http://securityreason.com/securityalert/2107 http://www.attrition.org/pipermail/vim/2007-January/001218.html http://www.securityfocus.com/archive/1/456051/100/0/threaded •

CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 3

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. Múltiples vulnerabilidades de inyección SQL en Coppermine Photo Gallery 1.4.10 y anteriores permiten a administradores autenticados remotamente ejecutar comandos SQL de su elección a través del parámetro (1) cat de albmgr.php, y posiblemente (2) el parámetro gid de usermgr.php; (3) el parámetro start de db_ecard.php; y el parámetro albumid de archivos no especificados, relacionados con las funciones (4) filename_to_title y (5) del_titles. • https://www.exploit-db.com/exploits/29397 http://acid-root.new.fr/poc/19070104.txt http://osvdb.org/35852 http://osvdb.org/35853 http://osvdb.org/35854 http://osvdb.org/35855 http://osvdb.org/35856 http://secunia.com/advisories/25846 http://securityreason.com/securityalert/2123 http://www.securityfocus.com/archive/1/456051/100/0/threaded http://www.securityfocus.com/bid/21894 https://www.exploit-db.com/exploits/3085 •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. • http://secunia.com/advisories/20211 http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266 http://www.vupen.com/english/advisories/2006/1892 https://exchange.xforce.ibmcloud.com/vulnerabilities/26588 •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. • http://coppermine-gallery.net/forum/index.php?topic=20933.0 http://secunia.com/advisories/16499 http://securitytracker.com/id?1014799 http://www.securityfocus.com/bid/14625 •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter. • http://coppermine.sourceforge.net/board/index.php?topic=17134 http://marc.info/?l=bugtraq&m=111383800707880&w=2 http://secunia.com/advisories/15004 http://www.securityfocus.com/bid/13218 •