Page 7 of 50 results (0.009 seconds)

CVSS: 2.6EPSS: 4%CPEs: 1EXPL: 0

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. Coppermine Photo Gallery (CPG) 1.4.8 estable, con register_globals activado, permiet a un atacante remoto evitar la protección XSS y asignar variables de su elección a través de una cadena de consulta que provoca que la variable se defina en un espacio global, con los separadores _GET, _REQUEST, u otros parámetros críticos, el cual son desasignados por el esquema de protección y previenen que la variable original pueda ser detectada. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html http://secunia.com/advisories/20597 http://securityreason.com/securityalert/1914 http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133 http://www.osvdb.org/27618 https://exchange.xforce.ibmcloud.com/vulnerabilities/27376 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. Vulnerabilidad de inyección SQL en picmgr.php en Coppermine Photo Gallery 1.4.9 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro aid. • https://www.exploit-db.com/exploits/2660 http://coppermine-gallery.net/forum/index.php?topic=37895.0 http://secunia.com/advisories/22625 http://www.securityfocus.com/bid/20774 http://www.vupen.com/english/advisories/2006/4226 •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 2

PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en cpg.php del componente Coppermine Photo Gallery (com_cpg) 1.0 y anteriores para Mambo permite a atacantes remotos ejecutar código PHp de su elección mediante una URL en el parámetro mosConfig_absolute_path. • https://www.exploit-db.com/exploits/2196 http://secunia.com/advisories/21539 http://www.osvdb.org/27970 http://www.securityfocus.com/bid/19589 http://www.vupen.com/english/advisories/2006/3310 https://exchange.xforce.ibmcloud.com/vulnerabilities/28413 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. Vulnerabilidad de inyección SQL en la función include/function.inc.php en Coppermine Photo Gallery (CPG) v1.4.8, cuando "Keep detailed hit statistics" está activada, permite a atacantes remotos ejecutar comandos SQL a través de la (1) referer y (2) agentes de usuario los encabezados HTTP. • http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html http://secunia.com/advisories/20597 http://www.securityfocus.com/archive/1/436799/30/4470/threaded http://www.vupen.com/english/advisories/2006/2317 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. • http://coppermine-gallery.net/forum/index.php?topic=32333.0 http://secunia.com/advisories/20465 http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658 http://www.vupen.com/english/advisories/2006/2185 https://exchange.xforce.ibmcloud.com/vulnerabilities/26983 •