CVE-2007-0122 – Coppermine Photo Gallery 1.4.11 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-0122
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. Múltiples vulnerabilidades de inyección SQL en Coppermine Photo Gallery 1.4.10 y anteriores permiten a administradores autenticados remotamente ejecutar comandos SQL de su elección a través del parámetro (1) cat de albmgr.php, y posiblemente (2) el parámetro gid de usermgr.php; (3) el parámetro start de db_ecard.php; y el parámetro albumid de archivos no especificados, relacionados con las funciones (4) filename_to_title y (5) del_titles. • https://www.exploit-db.com/exploits/29397 http://acid-root.new.fr/poc/19070104.txt http://osvdb.org/35852 http://osvdb.org/35853 http://osvdb.org/35854 http://osvdb.org/35855 http://osvdb.org/35856 http://secunia.com/advisories/25846 http://securityreason.com/securityalert/2123 http://www.securityfocus.com/archive/1/456051/100/0/threaded http://www.securityfocus.com/bid/21894 https://www.exploit-db.com/exploits/3085 •
CVE-2006-6123
https://notcve.org/view.php?id=CVE-2006-6123
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. Coppermine Photo Gallery (CPG) 1.4.8 estable, con register_globals activado, permiet a un atacante remoto evitar la protección XSS y asignar variables de su elección a través de una cadena de consulta que provoca que la variable se defina en un espacio global, con los separadores _GET, _REQUEST, u otros parámetros críticos, el cual son desasignados por el esquema de protección y previenen que la variable original pueda ser detectada. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html http://secunia.com/advisories/20597 http://securityreason.com/securityalert/1914 http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133 http://www.osvdb.org/27618 https://exchange.xforce.ibmcloud.com/vulnerabilities/27376 •
CVE-2006-5622 – Coppermine Photo Gallery 1.4.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-5622
SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. Vulnerabilidad de inyección SQL en picmgr.php en Coppermine Photo Gallery 1.4.9 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro aid. • https://www.exploit-db.com/exploits/2660 http://coppermine-gallery.net/forum/index.php?topic=37895.0 http://secunia.com/advisories/22625 http://www.securityfocus.com/bid/20774 http://www.vupen.com/english/advisories/2006/4226 •
CVE-2006-4321 – Mambo Component CopperminePhotoGalery - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4321
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en cpg.php del componente Coppermine Photo Gallery (com_cpg) 1.0 y anteriores para Mambo permite a atacantes remotos ejecutar código PHp de su elección mediante una URL en el parámetro mosConfig_absolute_path. • https://www.exploit-db.com/exploits/2196 http://secunia.com/advisories/21539 http://www.osvdb.org/27970 http://www.securityfocus.com/bid/19589 http://www.vupen.com/english/advisories/2006/3310 https://exchange.xforce.ibmcloud.com/vulnerabilities/28413 •
CVE-2006-3064
https://notcve.org/view.php?id=CVE-2006-3064
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. Vulnerabilidad de inyección SQL en la función include/function.inc.php en Coppermine Photo Gallery (CPG) v1.4.8, cuando "Keep detailed hit statistics" está activada, permite a atacantes remotos ejecutar comandos SQL a través de la (1) referer y (2) agentes de usuario los encabezados HTTP. • http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html http://secunia.com/advisories/20597 http://www.securityfocus.com/archive/1/436799/30/4470/threaded http://www.vupen.com/english/advisories/2006/2317 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •