Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Coppermine_photo_gallery
(Coppermine)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-01-09 | CVE-2007-0115 | Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. | Coppermine_photo_gallery | N/A | ||
| 2006-11-26 | CVE-2006-6123 | Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. | Coppermine_photo_gallery | N/A | ||
| 2006-10-31 | CVE-2006-5622 | SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. | Coppermine_photo_gallery | N/A | ||
| 2006-08-23 | CVE-2006-4321 | PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | Coppermine_photo_gallery | N/A | ||
| 2006-06-19 | CVE-2006-3064 | SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | Coppermine_photo_gallery | N/A | ||
| 2006-06-12 | CVE-2006-2976 | Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. | Coppermine_photo_gallery | N/A | ||
| 2006-05-22 | CVE-2006-2514 | Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | Coppermine_photo_gallery | N/A | ||
| 2006-04-20 | CVE-2006-1909 | Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. | Coppermine_photo_gallery | N/A | ||
| 2006-02-24 | CVE-2006-0873 | Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. | Coppermine_photo_gallery | N/A | ||
| 2006-02-24 | CVE-2006-0872 | Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter. | Coppermine_photo_gallery | N/A |