CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1CVE-2007-4976 – Coppermine Photo Gallery 1.4.12 - 'log' Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-4976
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter. Vulnerabilidad de salto de directorio en viewlog.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a administradores remotos autenticados incluir y ejecutar ficheros locales mediante secuencias .. (punto punto) en el parámetro log. • https://www.exploit-db.com/exploits/30595 http://coppermine-gallery.net/forum/index.php?topic=46847.0 http://osvdb.org/37101 http://secunia.com/advisories/26843 http://securityreason.com/securityalert/3152 http://www.securityfocus.com/archive/1/479757/100/0/threaded http://www.securityfocus.com/bid/25698 http://www.securitytracker.com/id?1018704 http://www.vupen.com/english/advisories/2007/3194 https://exchange.xforce.ibmcloud.com/vulnerabilities/36660 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 2CVE-2007-4977 – Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4977
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mode.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro referer. • https://www.exploit-db.com/exploits/30594 http://coppermine-gallery.net/forum/index.php?topic=46847.0 http://osvdb.org/37100 http://secunia.com/advisories/26843 http://securityreason.com/securityalert/3152 http://www.securityfocus.com/archive/1/479757/100/0/threaded http://www.securityfocus.com/bid/25698 http://www.securitytracker.com/id?1018704 http://www.vupen.com/english/advisories/2007/3194 https://exchange.xforce.ibmcloud.com/vulnerabilities/36659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2007-4283 – Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4283
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en bridge/yabbse.inc.php de Coppermine Photo Gallery (CPG) 1.3.1 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro sourcedir. • https://www.exploit-db.com/exploits/30463 http://osvdb.org/38710 http://securityreason.com/securityalert/2989 http://www.securityfocus.com/archive/1/475866/100/0/threaded http://www.securityfocus.com/archive/1/476015/100/0/threaded http://www.securityfocus.com/bid/25243 https://exchange.xforce.ibmcloud.com/vulnerabilities/35884 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3558 – Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3558
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. Vulnerabilidad de inyección SQL en Coppermine Photo Gallery (CPG) anterior a 1.4.11 permite a atacantes remotos ejecutar comandos SQL de su elección mediante una cookie de contraseña de álbum para un componente no especificado. • https://www.exploit-db.com/exploits/3085 http://coppermine-gallery.net/forum/index.php?topic=44845.0 http://secunia.com/advisories/25846 http://www.securityfocus.com/bid/24710 •
CVSS: 7.5EPSS: 85%CPEs: 4EXPL: 3CVE-2007-1107 – Coppermine Photo Gallery 1.3.x - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2007-1107
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. Vulnerabilidad de inyección SQL en thumbnails.php en Coppermine Photo Gallery (CPG) 1.3.x permite a usuarios autenticados remotos ejecutar comandos SQL de su elección mediante una cookie cpg131_fav. • https://www.exploit-db.com/exploits/3371 http://osvdb.org/33133 http://securityreason.com/securityalert/2297 http://www.securityfocus.com/archive/1/461158/100/0/threaded http://www.securityfocus.com/bid/22709 http://www.securityfocus.com/bid/27372 https://exchange.xforce.ibmcloud.com/vulnerabilities/32688 https://exchange.xforce.ibmcloud.com/vulnerabilities/39806 https://www.exploit-db.com/exploits/4950 https://www.exploit-db.com/exploits/4961 •