CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 2CVE-2007-4977 – Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4977
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mode.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro referer. • https://www.exploit-db.com/exploits/30594 http://coppermine-gallery.net/forum/index.php?topic=46847.0 http://osvdb.org/37100 http://secunia.com/advisories/26843 http://securityreason.com/securityalert/3152 http://www.securityfocus.com/archive/1/479757/100/0/threaded http://www.securityfocus.com/bid/25698 http://www.securitytracker.com/id?1018704 http://www.vupen.com/english/advisories/2007/3194 https://exchange.xforce.ibmcloud.com/vulnerabilities/36659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2007-4283 – Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4283
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en bridge/yabbse.inc.php de Coppermine Photo Gallery (CPG) 1.3.1 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro sourcedir. • https://www.exploit-db.com/exploits/30463 http://osvdb.org/38710 http://securityreason.com/securityalert/2989 http://www.securityfocus.com/archive/1/475866/100/0/threaded http://www.securityfocus.com/archive/1/476015/100/0/threaded http://www.securityfocus.com/bid/25243 https://exchange.xforce.ibmcloud.com/vulnerabilities/35884 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3558 – Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3558
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. Vulnerabilidad de inyección SQL en Coppermine Photo Gallery (CPG) anterior a 1.4.11 permite a atacantes remotos ejecutar comandos SQL de su elección mediante una cookie de contraseña de álbum para un componente no especificado. • https://www.exploit-db.com/exploits/3085 http://coppermine-gallery.net/forum/index.php?topic=44845.0 http://secunia.com/advisories/25846 http://www.securityfocus.com/bid/24710 •
CVSS: 7.5EPSS: 85%CPEs: 4EXPL: 3CVE-2007-1107 – Coppermine Photo Gallery 1.3.x - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2007-1107
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. Vulnerabilidad de inyección SQL en thumbnails.php en Coppermine Photo Gallery (CPG) 1.3.x permite a usuarios autenticados remotos ejecutar comandos SQL de su elección mediante una cookie cpg131_fav. • https://www.exploit-db.com/exploits/3371 http://osvdb.org/33133 http://securityreason.com/securityalert/2297 http://www.securityfocus.com/archive/1/461158/100/0/threaded http://www.securityfocus.com/bid/22709 http://www.securityfocus.com/bid/27372 https://exchange.xforce.ibmcloud.com/vulnerabilities/32688 https://exchange.xforce.ibmcloud.com/vulnerabilities/39806 https://www.exploit-db.com/exploits/4950 https://www.exploit-db.com/exploits/4961 •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-0835
https://notcve.org/view.php?id=CVE-2007-0835
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. admin.php en Coppermine Photo Gallery 1.4.10 y, posiblemente en versiones anteriores, permite a usuarios remotos autenticados ejecutar comandos del intérprete de comandos (shell) de su elección mediante metacaracteres del shell (";" punto y coma) en las "Opciones de la línea de comandos para el ImageMagick" para el campo de formulario, cuando es usado como una opción del comando de conversión del ImageMagick. NOTA: la procedencia de esta información es desconocida; los detalles se obtienen a partir de la información de terceros. • http://osvdb.org/33093 http://secunia.com/advisories/24019 http://www.securityfocus.com/bid/22406 https://exchange.xforce.ibmcloud.com/vulnerabilities/32236 •