ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
Max CVSS
6.1
EPSS Score
0.16%
Published
2019-05-07
Updated
2019-05-07
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2015-08-20
Updated
2015-08-21
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
Max CVSS
5.0
EPSS Score
0.46%
Published
2015-06-10
Updated
2016-12-31
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
Max CVSS
5.8
EPSS Score
0.28%
Published
2015-05-27
Updated
2016-12-31
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
Max CVSS
3.5
EPSS Score
0.12%
Published
2015-05-27
Updated
2016-12-31
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.18%
Published
2018-03-16
Updated
2018-04-09
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.21%
Published
2012-09-04
Updated
2012-09-05
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
Max CVSS
3.5
EPSS Score
0.17%
Published
2012-09-04
Updated
2013-07-04
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
Max CVSS
5.0
EPSS Score
0.29%
Published
2011-09-23
Updated
2012-03-13
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
Max CVSS
4.3
EPSS Score
0.25%
Published
2011-06-14
Updated
2017-08-29
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.
Max CVSS
9.8
EPSS Score
1.13%
Published
2020-02-05
Updated
2020-02-07
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
Max CVSS
4.3
EPSS Score
6.00%
Published
2011-01-11
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2011-06-14
Updated
2011-06-14
Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.52%
Published
2009-09-09
Updated
2018-10-11
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
Max CVSS
5.0
EPSS Score
0.56%
Published
2009-09-09
Updated
2018-10-11
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
Max CVSS
7.5
EPSS Score
1.06%
Published
2008-08-06
Updated
2017-09-29
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Max CVSS
7.5
EPSS Score
0.54%
Published
2008-08-05
Updated
2017-09-29
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
Max CVSS
6.5
EPSS Score
0.24%
Published
2008-01-31
Updated
2018-10-16
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
Max CVSS
5.0
EPSS Score
0.53%
Published
2005-12-03
Updated
2019-07-16
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!