CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 2CVE-2006-4321 – Mambo Component CopperminePhotoGalery - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4321
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en cpg.php del componente Coppermine Photo Gallery (com_cpg) 1.0 y anteriores para Mambo permite a atacantes remotos ejecutar código PHp de su elección mediante una URL en el parámetro mosConfig_absolute_path. • https://www.exploit-db.com/exploits/2196 http://secunia.com/advisories/21539 http://www.osvdb.org/27970 http://www.securityfocus.com/bid/19589 http://www.vupen.com/english/advisories/2006/3310 https://exchange.xforce.ibmcloud.com/vulnerabilities/28413 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-3064
https://notcve.org/view.php?id=CVE-2006-3064
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. Vulnerabilidad de inyección SQL en la función include/function.inc.php en Coppermine Photo Gallery (CPG) v1.4.8, cuando "Keep detailed hit statistics" está activada, permite a atacantes remotos ejecutar comandos SQL a través de la (1) referer y (2) agentes de usuario los encabezados HTTP. • http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html http://secunia.com/advisories/20597 http://www.securityfocus.com/archive/1/436799/30/4470/threaded http://www.vupen.com/english/advisories/2006/2317 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-2976
https://notcve.org/view.php?id=CVE-2006-2976
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. • http://coppermine-gallery.net/forum/index.php?topic=32333.0 http://secunia.com/advisories/20465 http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658 http://www.vupen.com/english/advisories/2006/2185 https://exchange.xforce.ibmcloud.com/vulnerabilities/26983 •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2006-2514
https://notcve.org/view.php?id=CVE-2006-2514
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. • http://secunia.com/advisories/20211 http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266 http://www.vupen.com/english/advisories/2006/1892 https://exchange.xforce.ibmcloud.com/vulnerabilities/26588 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2CVE-2006-1909 – Coppermine 1.4.4 - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2006-1909
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. • https://www.exploit-db.com/exploits/27669 http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html http://secunia.com/advisories/19665 http://www.securityfocus.com/archive/1/431062 http://www.securityfocus.com/archive/1/431118/30/0/threaded http://www.securityfocus.com/bid/17570 http://www.vupen.com/english/advisories/2006/1392 https://exchange.xforce.ibmcloud.com/vulnerabilities/25866 •