CVSS: 4.0EPSS: 1%CPEs: 1EXPL: 1CVE-2007-0836 – Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusions
https://notcve.org/view.php?id=CVE-2007-0836
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. admin.php en Coppermine Photo Gallery 1.4.10 y, posiblemente en versiones anteriores, permite a usuarios remotos autenticados incluir ficheros locales de su elección y, posiblemente, también ficheros remotos mediante (1) "ruta a la inclusión de cabecera personalizada" y (2) "ruta a la inclusión del pie de página personalizado" en los campos de formulario. NOTA: la procedencia de esta información es desconocida; los detalles se obtienen a partir de la información de terceros. • https://www.exploit-db.com/exploits/29568 http://osvdb.org/33094 http://secunia.com/advisories/24019 http://www.securityfocus.com/bid/22409 https://exchange.xforce.ibmcloud.com/vulnerabilities/32233 •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 3CVE-2007-0122 – Coppermine Photo Gallery 1.4.11 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-0122
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. Múltiples vulnerabilidades de inyección SQL en Coppermine Photo Gallery 1.4.10 y anteriores permiten a administradores autenticados remotamente ejecutar comandos SQL de su elección a través del parámetro (1) cat de albmgr.php, y posiblemente (2) el parámetro gid de usermgr.php; (3) el parámetro start de db_ecard.php; y el parámetro albumid de archivos no especificados, relacionados con las funciones (4) filename_to_title y (5) del_titles. • https://www.exploit-db.com/exploits/29397 http://acid-root.new.fr/poc/19070104.txt http://osvdb.org/35852 http://osvdb.org/35853 http://osvdb.org/35854 http://osvdb.org/35855 http://osvdb.org/35856 http://secunia.com/advisories/25846 http://securityreason.com/securityalert/2123 http://www.securityfocus.com/archive/1/456051/100/0/threaded http://www.securityfocus.com/bid/21894 https://www.exploit-db.com/exploits/3085 •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 2CVE-2007-0115
https://notcve.org/view.php?id=CVE-2007-0115
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. Vulnerabilidad de inyección de código estático en coppermine Photo Gallery 1.4.10 y anteriores permite a administradores autenticados remotamente ejecutar código PHP de su elección a través del Nombre de Usuario para login.php, el cual es inyectado dentro de un mensaje de error en security.log.php, que puede ser accedido utilizando viewlog.php. • http://acid-root.new.fr/poc/19070104.txt http://osvdb.org/33383 http://securityreason.com/securityalert/2107 http://www.attrition.org/pipermail/vim/2007-January/001218.html http://www.securityfocus.com/archive/1/456051/100/0/threaded •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2006-2514
https://notcve.org/view.php?id=CVE-2006-2514
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. • http://secunia.com/advisories/20211 http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266 http://www.vupen.com/english/advisories/2006/1892 https://exchange.xforce.ibmcloud.com/vulnerabilities/26588 •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2005-2676
https://notcve.org/view.php?id=CVE-2005-2676
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. • http://coppermine-gallery.net/forum/index.php?topic=20933.0 http://secunia.com/advisories/16499 http://securitytracker.com/id?1014799 http://www.securityfocus.com/bid/14625 •