All the vulnerabilites related to coppermine - coppermine_photo_gallery
cve-2005-1226
Vulnerability from cvelistv5
Published
2005-04-22 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20206 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=111402186304179&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.waraxe.us/advisory-42.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coppermine-password-plaintext(20206)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20206"
},
{
"name": "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-42.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "coppermine-password-plaintext(20206)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20206"
},
{
"name": "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-42.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-password-plaintext(20206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20206"
},
{
"name": "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"name": "http://www.waraxe.us/advisory-42.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-42.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1226",
"datePublished": "2005-04-22T04:00:00",
"dateReserved": "2005-04-22T00:00:00",
"dateUpdated": "2024-08-07T21:44:05.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4283
Vulnerability from cvelistv5
Published
2007-08-09 21:00
Modified
2024-08-07 14:46
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35884 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/476015/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/475866/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/25243 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/38710 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/2989 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"refsource": "OSVDB",
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4283",
"datePublished": "2007-08-09T21:00:00",
"dateReserved": "2007-08-09T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3558
Vulnerability from cvelistv5
Published
2007-07-04 16:00
Modified
2024-09-16 18:48
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/25846 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/24710 | vdb-entry, x_refsource_BID | |
| http://coppermine-gallery.net/forum/index.php?topic=44845.0 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25846"
},
{
"name": "24710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-04T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25846"
},
{
"name": "24710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25846"
},
{
"name": "24710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24710"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=44845.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3558",
"datePublished": "2007-07-04T16:00:00Z",
"dateReserved": "2007-07-04T00:00:00Z",
"dateUpdated": "2024-09-16T18:48:53.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1988
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108360247732014&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.waraxe.us/index.php?modname=sa&id=26 | x_refsource_MISC | |
| http://securitytracker.com/id?1010001 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16041 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/10253 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/5761 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/11524 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "coppermine-multiple-file-include(16041)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "5761",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5761"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "coppermine-multiple-file-include(16041)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "5761",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5761"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa\u0026id=26",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "coppermine-multiple-file-include(16041)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
},
{
"name": "10253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "5761",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5761"
},
{
"name": "11524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1988",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1985
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108360247732014&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.waraxe.us/index.php?modname=sa&id=26 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16040 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/5757 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/10253 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/11524 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "coppermine-menuincpho-xss(16040)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16040"
},
{
"name": "5757",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5757"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "coppermine-menuincpho-xss(16040)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16040"
},
{
"name": "5757",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5757"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa\u0026id=26",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "coppermine-menuincpho-xss(16040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16040"
},
{
"name": "5757",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5757"
},
{
"name": "10253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1985",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1989
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108360247732014&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/5912 | vdb-entry, x_refsource_OSVDB | |
| http://www.waraxe.us/index.php?modname=sa&id=26 | x_refsource_MISC | |
| http://securitytracker.com/id?1010001 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16041 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/10253 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/11524 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "5912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5912"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "coppermine-multiple-file-include(16041)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "5912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5912"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "coppermine-multiple-file-include(16041)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "5912",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5912"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa\u0026id=26",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "coppermine-multiple-file-include(16041)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
},
{
"name": "10253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1989",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1225
Vulnerability from cvelistv5
Published
2005-04-22 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111402186304179&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20205 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/15004 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.waraxe.us/advisory-42.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"name": "coppermine-initincphp-sql-injection(20205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20205"
},
{
"name": "15004",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-42.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"name": "coppermine-initincphp-sql-injection(20205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20205"
},
{
"name": "15004",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-42.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"name": "coppermine-initincphp-sql-injection(20205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20205"
},
{
"name": "15004",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15004"
},
{
"name": "http://www.waraxe.us/advisory-42.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-42.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1225",
"datePublished": "2005-04-22T04:00:00",
"dateReserved": "2005-04-22T00:00:00",
"dateUpdated": "2024-08-07T21:44:05.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1986
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16042 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108360247732014&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.waraxe.us/index.php?modname=sa&id=26 | x_refsource_MISC | |
| http://securitytracker.com/id?1010001 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/5758 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/10253 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/11524 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coppermine-modulesphp-directory-traversal(16042)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16042"
},
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "5758",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5758"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "coppermine-modulesphp-directory-traversal(16042)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16042"
},
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "5758",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5758"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-modulesphp-directory-traversal(16042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16042"
},
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa\u0026id=26",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "5758",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5758"
},
{
"name": "10253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1986",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2676
Vulnerability from cvelistv5
Published
2005-08-23 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://coppermine-gallery.net/forum/index.php?topic=20933.0 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/16499 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1014799 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/14625 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:01.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=20933.0"
},
{
"name": "16499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16499"
},
{
"name": "1014799",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014799"
},
{
"name": "14625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=20933.0"
},
{
"name": "16499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16499"
},
{
"name": "1014799",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014799"
},
{
"name": "14625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=20933.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=20933.0"
},
{
"name": "16499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16499"
},
{
"name": "1014799",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014799"
},
{
"name": "14625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2676",
"datePublished": "2005-08-23T04:00:00",
"dateReserved": "2005-08-23T00:00:00",
"dateUpdated": "2024-08-07T22:45:01.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0872
Vulnerability from cvelistv5
Published
2006-02-24 11:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/0669 | vdb-entry, x_refsource_VUPEN | |
| http://retrogod.altervista.org/cpg_143_incl_xpl.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/16718 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/425387 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/18941 | third-party-advisory, x_refsource_SECUNIA | |
| http://retrogod.altervista.org/cpg_143_adv.html | x_refsource_MISC | |
| http://coppermine-gallery.net/forum/index.php?topic=28062.0 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24814 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1015646 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0669",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/cpg_143_incl_xpl.html"
},
{
"name": "16718",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16718"
},
{
"name": "20060218 Coppermine Photo Gallery \u003c=1.4.3 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"name": "18941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18941"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"name": "coppermine-init-file-include(24814)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24814"
},
{
"name": "1015646",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0669",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/cpg_143_incl_xpl.html"
},
{
"name": "16718",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16718"
},
{
"name": "20060218 Coppermine Photo Gallery \u003c=1.4.3 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"name": "18941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18941"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"name": "coppermine-init-file-include(24814)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24814"
},
{
"name": "1015646",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0669",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"name": "http://retrogod.altervista.org/cpg_143_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/cpg_143_incl_xpl.html"
},
{
"name": "16718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16718"
},
{
"name": "20060218 Coppermine Photo Gallery \u003c=1.4.3 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"name": "18941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18941"
},
{
"name": "http://retrogod.altervista.org/cpg_143_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=28062.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"name": "coppermine-init-file-include(24814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24814"
},
{
"name": "1015646",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0872",
"datePublished": "2006-02-24T11:00:00",
"dateReserved": "2006-02-24T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0122
Vulnerability from cvelistv5
Published
2007-01-09 02:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/35853 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/2123 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/25846 | third-party-advisory, x_refsource_SECUNIA | |
| http://acid-root.new.fr/poc/19070104.txt | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/3085 | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/35854 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/35852 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/456051/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/21894 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/35856 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/35855 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35853"
},
{
"name": "2123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2123"
},
{
"name": "25846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25846"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"name": "3085",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3085"
},
{
"name": "35854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35854"
},
{
"name": "35852",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35852"
},
{
"name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
},
{
"name": "21894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21894"
},
{
"name": "35856",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35856"
},
{
"name": "35855",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35853"
},
{
"name": "2123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2123"
},
{
"name": "25846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25846"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"name": "3085",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3085"
},
{
"name": "35854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35854"
},
{
"name": "35852",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35852"
},
{
"name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
},
{
"name": "21894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21894"
},
{
"name": "35856",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35856"
},
{
"name": "35855",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35855"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35853",
"refsource": "OSVDB",
"url": "http://osvdb.org/35853"
},
{
"name": "2123",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2123"
},
{
"name": "25846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25846"
},
{
"name": "http://acid-root.new.fr/poc/19070104.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"name": "3085",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3085"
},
{
"name": "35854",
"refsource": "OSVDB",
"url": "http://osvdb.org/35854"
},
{
"name": "35852",
"refsource": "OSVDB",
"url": "http://osvdb.org/35852"
},
{
"name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
},
{
"name": "21894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21894"
},
{
"name": "35856",
"refsource": "OSVDB",
"url": "http://osvdb.org/35856"
},
{
"name": "35855",
"refsource": "OSVDB",
"url": "http://osvdb.org/35855"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0122",
"datePublished": "2007-01-09T02:00:00",
"dateReserved": "2007-01-08T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4977
Vulnerability from cvelistv5
Published
2007-09-19 18:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://coppermine-gallery.net/forum/index.php?topic=46847.0 | x_refsource_CONFIRM | |
| http://securityreason.com/securityalert/3152 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/479757/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/37100 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1018704 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/26843 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36659 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/3194 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/25698 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "37100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37100"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-mode-xss(36659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "37100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37100"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-mode-xss(36659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "37100",
"refsource": "OSVDB",
"url": "http://osvdb.org/37100"
},
{
"name": "1018704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-mode-xss(36659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"name": "ADV-2007-3194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4977",
"datePublished": "2007-09-19T18:00:00",
"dateReserved": "2007-09-19T00:00:00",
"dateUpdated": "2024-08-07T15:17:27.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1840
Vulnerability from cvelistv5
Published
2008-04-16 17:00
Modified
2024-08-07 08:40
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41784 | vdb-entry, x_refsource_XF | |
| http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/28766 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/29795 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/44345 | vdb-entry, x_refsource_OSVDB | |
| http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coppermine-upload-sql-injection(41784)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "28766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"name": "29795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29795"
},
{
"name": "44345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "coppermine-upload-sql-injection(41784)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "28766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"name": "29795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29795"
},
{
"name": "44345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-upload-sql-injection(41784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "28766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28766"
},
{
"name": "29795",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29795"
},
{
"name": "44345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44345"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1840",
"datePublished": "2008-04-16T17:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0836
Vulnerability from cvelistv5
Published
2007-02-08 00:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/22409 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/24019 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/33094 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32233 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22409",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22409"
},
{
"name": "24019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24019"
},
{
"name": "33094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33094"
},
{
"name": "coppermine-admin-file-include(32233)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) \"Path to custom header include\" and (2) \"Path to custom footer include\" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22409",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22409"
},
{
"name": "24019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24019"
},
{
"name": "33094",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33094"
},
{
"name": "coppermine-admin-file-include(32233)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) \"Path to custom header include\" and (2) \"Path to custom footer include\" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22409"
},
{
"name": "24019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24019"
},
{
"name": "33094",
"refsource": "OSVDB",
"url": "http://osvdb.org/33094"
},
{
"name": "coppermine-admin-file-include(32233)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0836",
"datePublished": "2007-02-08T00:00:00",
"dateReserved": "2007-02-07T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0115
Vulnerability from cvelistv5
Published
2007-01-09 02:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.attrition.org/pipermail/vim/2007-January/001218.html | mailing-list, x_refsource_VIM | |
| http://osvdb.org/33383 | vdb-entry, x_refsource_OSVDB | |
| http://acid-root.new.fr/poc/19070104.txt | x_refsource_MISC | |
| http://securityreason.com/securityalert/2107 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/456051/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070108 Source verify - Coppermine Photo Gallery \u003c= 1.4.10 code injection",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-January/001218.html"
},
{
"name": "33383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"name": "2107",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2107"
},
{
"name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070108 Source verify - Coppermine Photo Gallery \u003c= 1.4.10 code injection",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-January/001218.html"
},
{
"name": "33383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"name": "2107",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2107"
},
{
"name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070108 Source verify - Coppermine Photo Gallery \u003c= 1.4.10 code injection",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-January/001218.html"
},
{
"name": "33383",
"refsource": "OSVDB",
"url": "http://osvdb.org/33383"
},
{
"name": "http://acid-root.new.fr/poc/19070104.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"name": "2107",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2107"
},
{
"name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0115",
"datePublished": "2007-01-09T02:00:00",
"dateReserved": "2007-01-08T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0873
Vulnerability from cvelistv5
Published
2006-02-24 11:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/0669 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24816 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/16718 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/425387 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/18941 | third-party-advisory, x_refsource_SECUNIA | |
| http://retrogod.altervista.org/cpg_143_adv.html | x_refsource_MISC | |
| http://coppermine-gallery.net/forum/index.php?topic=28062.0 | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1015646 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0669",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"name": "coppermine-showdoc-file-include(24816)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24816"
},
{
"name": "16718",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16718"
},
{
"name": "20060218 Coppermine Photo Gallery \u003c=1.4.3 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"name": "18941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18941"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"name": "1015646",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0669",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"name": "coppermine-showdoc-file-include(24816)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24816"
},
{
"name": "16718",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16718"
},
{
"name": "20060218 Coppermine Photo Gallery \u003c=1.4.3 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"name": "18941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18941"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"name": "1015646",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0669",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"name": "coppermine-showdoc-file-include(24816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24816"
},
{
"name": "16718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16718"
},
{
"name": "20060218 Coppermine Photo Gallery \u003c=1.4.3 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"name": "18941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18941"
},
{
"name": "http://retrogod.altervista.org/cpg_143_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=28062.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"name": "1015646",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0873",
"datePublished": "2006-02-24T11:00:00",
"dateReserved": "2006-02-24T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1984
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/6495 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/6500 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=108360247732014&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/5756 | vdb-entry, x_refsource_OSVDB | |
| http://www.waraxe.us/index.php?modname=sa&id=26 | x_refsource_MISC | |
| http://www.osvdb.org/6499 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1010001 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/6497 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/6498 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/6496 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16039 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/11524 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6495"
},
{
"name": "6500",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6500"
},
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "5756",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5756"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "6499",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6499"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "6497",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6497"
},
{
"name": "6498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6498"
},
{
"name": "6496",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6496"
},
{
"name": "coppermine-multiple-path-disclosure(16039)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16039"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6495"
},
{
"name": "6500",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6500"
},
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "5756",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5756"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "6499",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6499"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "6497",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6497"
},
{
"name": "6498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6498"
},
{
"name": "6496",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6496"
},
{
"name": "coppermine-multiple-path-disclosure(16039)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16039"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6495",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6495"
},
{
"name": "6500",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6500"
},
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "5756",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5756"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa\u0026id=26",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "6499",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6499"
},
{
"name": "1010001",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "6497",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6497"
},
{
"name": "6498",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6498"
},
{
"name": "6496",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6496"
},
{
"name": "coppermine-multiple-path-disclosure(16039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16039"
},
{
"name": "11524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1984",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2976
Vulnerability from cvelistv5
Published
2006-06-12 22:00
Modified
2024-08-07 18:06
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/2185 | vdb-entry, x_refsource_VUPEN | |
| http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/20465 | third-party-advisory, x_refsource_SECUNIA | |
| http://coppermine-gallery.net/forum/index.php?topic=32333.0 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26983 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2185",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=423104\u0026group_id=89658"
},
{
"name": "20465",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20465"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=32333.0"
},
{
"name": "coppermine-usermgr-unspecified(26983)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26983"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2185",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=423104\u0026group_id=89658"
},
{
"name": "20465",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20465"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=32333.0"
},
{
"name": "coppermine-usermgr-unspecified(26983)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26983"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2185",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2185"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=423104\u0026group_id=89658",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=423104\u0026group_id=89658"
},
{
"name": "20465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20465"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=32333.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=32333.0"
},
{
"name": "coppermine-usermgr-unspecified(26983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26983"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2976",
"datePublished": "2006-06-12T22:00:00",
"dateReserved": "2006-06-12T00:00:00",
"dateUpdated": "2024-08-07T18:06:27.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5888
Vulnerability from cvelistv5
Published
2007-11-07 21:00
Modified
2024-08-07 15:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/27534 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38290 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/26357 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/38420 | vdb-entry, x_refsource_OSVDB | |
| http://coppermine-gallery.net/forum/index.php?topic=48106.0 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27534"
},
{
"name": "coppermine-displayecard-xss(38290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"name": "26357",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26357"
},
{
"name": "38420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38420"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27534"
},
{
"name": "coppermine-displayecard-xss(38290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"name": "26357",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26357"
},
{
"name": "38420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38420"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27534"
},
{
"name": "coppermine-displayecard-xss(38290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"name": "26357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26357"
},
{
"name": "38420",
"refsource": "OSVDB",
"url": "http://osvdb.org/38420"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=48106.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5888",
"datePublished": "2007-11-07T21:00:00",
"dateReserved": "2007-11-07T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1987
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.waraxe.us/index.php?modname=sa&id=26 | x_refsource_MISC | |
| http://securitytracker.com/id?1010001 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/5759 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=108360247732014&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10253 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16043 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/11524 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "5759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5759"
},
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "coppermine-parameters-execute-commands(16043)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16043"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG[\u0027impath\u0027] or (2) $CONFIG[\u0027jpeg_qual\u0027] parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "5759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5759"
},
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "10253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "coppermine-parameters-execute-commands(16043)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16043"
},
{
"name": "11524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG[\u0027impath\u0027] or (2) $CONFIG[\u0027jpeg_qual\u0027] parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/index.php?modname=sa\u0026id=26",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"name": "1010001",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010001"
},
{
"name": "5759",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5759"
},
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"name": "10253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "coppermine-parameters-execute-commands(16043)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16043"
},
{
"name": "11524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1987",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2514
Vulnerability from cvelistv5
Published
2006-05-22 22:00
Modified
2024-08-07 17:51
Severity ?
EPSS score ?
Summary
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/1892 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/20211 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26588 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=418266"
},
{
"name": "ADV-2006-1892",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1892"
},
{
"name": "20211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20211"
},
{
"name": "coppermine-file-upload(26588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26588"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=418266"
},
{
"name": "ADV-2006-1892",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1892"
},
{
"name": "20211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20211"
},
{
"name": "coppermine-file-upload(26588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26588"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=418266",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=418266"
},
{
"name": "ADV-2006-1892",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1892"
},
{
"name": "20211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20211"
},
{
"name": "coppermine-file-upload(26588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26588"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2514",
"datePublished": "2006-05-22T22:00:00",
"dateReserved": "2006-05-22T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3064
Vulnerability from cvelistv5
Published
2006-06-19 10:00
Modified
2024-08-07 18:16
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/2317 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/436799/30/4470/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/20597 | third-party-advisory, x_refsource_SECUNIA | |
| http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2317"
},
{
"name": "20060611 [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436799/30/4470/threaded"
},
{
"name": "20597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20597"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when \"Keep detailed hit statistics\" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2317"
},
{
"name": "20060611 [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436799/30/4470/threaded"
},
{
"name": "20597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20597"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when \"Keep detailed hit statistics\" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2317",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2317"
},
{
"name": "20060611 [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436799/30/4470/threaded"
},
{
"name": "20597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20597"
},
{
"name": "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3064",
"datePublished": "2006-06-19T10:00:00",
"dateReserved": "2006-06-19T00:00:00",
"dateUpdated": "2024-08-07T18:16:05.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0835
Vulnerability from cvelistv5
Published
2007-02-08 00:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/24019 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/22406 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32236 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/33093 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24019"
},
{
"name": "22406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22406"
},
{
"name": "coppermine-admin-command-execution(32236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
},
{
"name": "33093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (\";\" semicolon) in the \"Command line options for ImageMagick\" form field, when used as an option to ImageMagick\u0027s convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24019"
},
{
"name": "22406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22406"
},
{
"name": "coppermine-admin-command-execution(32236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
},
{
"name": "33093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (\";\" semicolon) in the \"Command line options for ImageMagick\" form field, when used as an option to ImageMagick\u0027s convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24019"
},
{
"name": "22406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22406"
},
{
"name": "coppermine-admin-command-execution(32236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
},
{
"name": "33093",
"refsource": "OSVDB",
"url": "http://osvdb.org/33093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0835",
"datePublished": "2007-02-08T00:00:00",
"dateReserved": "2007-02-07T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4321
Vulnerability from cvelistv5
Published
2006-08-24 01:00
Modified
2024-08-07 19:06
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/3310 | vdb-entry, x_refsource_VUPEN | |
| https://www.exploit-db.com/exploits/2196 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.osvdb.org/27970 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/19589 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28413 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/21539 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3310",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3310"
},
{
"name": "2196",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2196"
},
{
"name": "27970",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27970"
},
{
"name": "19589",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19589"
},
{
"name": "coppermine-cpg-file-include(28413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28413"
},
{
"name": "21539",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3310",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3310"
},
{
"name": "2196",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2196"
},
{
"name": "27970",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27970"
},
{
"name": "19589",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19589"
},
{
"name": "coppermine-cpg-file-include(28413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28413"
},
{
"name": "21539",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3310",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3310"
},
{
"name": "2196",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2196"
},
{
"name": "27970",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27970"
},
{
"name": "19589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19589"
},
{
"name": "coppermine-cpg-file-include(28413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28413"
},
{
"name": "21539",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4321",
"datePublished": "2006-08-24T01:00:00",
"dateReserved": "2006-08-23T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1107
Vulnerability from cvelistv5
Published
2007-02-26 17:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/461158/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32688 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/2297 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/22709 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39806 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/3371 | exploit, x_refsource_EXPLOIT-DB | |
| https://www.exploit-db.com/exploits/4950 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/27372 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/4961 | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/33133 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
},
{
"name": "coppermine-thumbnails-sql-injection(32688)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
},
{
"name": "2297",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2297"
},
{
"name": "22709",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22709"
},
{
"name": "copperminephoto-thumbnails-sql-injection(39806)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
},
{
"name": "3371",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3371"
},
{
"name": "4950",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4950"
},
{
"name": "27372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27372"
},
{
"name": "4961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4961"
},
{
"name": "33133",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
},
{
"name": "coppermine-thumbnails-sql-injection(32688)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
},
{
"name": "2297",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2297"
},
{
"name": "22709",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22709"
},
{
"name": "copperminephoto-thumbnails-sql-injection(39806)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
},
{
"name": "3371",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3371"
},
{
"name": "4950",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4950"
},
{
"name": "27372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27372"
},
{
"name": "4961",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4961"
},
{
"name": "33133",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33133"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
},
{
"name": "coppermine-thumbnails-sql-injection(32688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
},
{
"name": "2297",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2297"
},
{
"name": "22709",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22709"
},
{
"name": "copperminephoto-thumbnails-sql-injection(39806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
},
{
"name": "3371",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3371"
},
{
"name": "4950",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4950"
},
{
"name": "27372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27372"
},
{
"name": "4961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4961"
},
{
"name": "33133",
"refsource": "OSVDB",
"url": "http://osvdb.org/33133"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1107",
"datePublished": "2007-02-26T17:00:00",
"dateReserved": "2007-02-26T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1414
Vulnerability from cvelistv5
Published
2007-03-12 23:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/2416 | third-party-advisory, x_refsource_SREASON | |
| http://www.osvdb.org/35068 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/35065 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/35067 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/462322/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/22896 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/35069 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32894 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/35066 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/463532/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/35070 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:07.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2416",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2416"
},
{
"name": "35068",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35068"
},
{
"name": "35065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35065"
},
{
"name": "35067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35067"
},
{
"name": "20070309 Remote File Include In Script Coppermine Photo Gallery",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
},
{
"name": "22896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22896"
},
{
"name": "35069",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35069"
},
{
"name": "coppermine-multiple-scripts-file-include(32894)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
},
{
"name": "35066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35066"
},
{
"name": "20070322 Remote File Include In Coppermine Photo Gallery",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
},
{
"name": "35070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2416",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2416"
},
{
"name": "35068",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35068"
},
{
"name": "35065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35065"
},
{
"name": "35067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35067"
},
{
"name": "20070309 Remote File Include In Script Coppermine Photo Gallery",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
},
{
"name": "22896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22896"
},
{
"name": "35069",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35069"
},
{
"name": "coppermine-multiple-scripts-file-include(32894)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
},
{
"name": "35066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35066"
},
{
"name": "20070322 Remote File Include In Coppermine Photo Gallery",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
},
{
"name": "35070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2416",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2416"
},
{
"name": "35068",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35068"
},
{
"name": "35065",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35065"
},
{
"name": "35067",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35067"
},
{
"name": "20070309 Remote File Include In Script Coppermine Photo Gallery",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
},
{
"name": "22896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22896"
},
{
"name": "35069",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35069"
},
{
"name": "coppermine-multiple-scripts-file-include(32894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
},
{
"name": "35066",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35066"
},
{
"name": "20070322 Remote File Include In Coppermine Photo Gallery",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
},
{
"name": "35070",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1414",
"datePublished": "2007-03-12T23:00:00",
"dateReserved": "2007-03-12T00:00:00",
"dateUpdated": "2024-08-07T12:59:07.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5622
Vulnerability from cvelistv5
Published
2006-10-31 20:00
Modified
2024-08-07 19:55
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://coppermine-gallery.net/forum/index.php?topic=37895.0 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/4226 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/20774 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/2660 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/22625 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:53.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=37895.0"
},
{
"name": "ADV-2006-4226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4226"
},
{
"name": "20774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20774"
},
{
"name": "2660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2660"
},
{
"name": "22625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=37895.0"
},
{
"name": "ADV-2006-4226",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4226"
},
{
"name": "20774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20774"
},
{
"name": "2660",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2660"
},
{
"name": "22625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=37895.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=37895.0"
},
{
"name": "ADV-2006-4226",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4226"
},
{
"name": "20774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20774"
},
{
"name": "2660",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2660"
},
{
"name": "22625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5622",
"datePublished": "2006-10-31T20:00:00",
"dateReserved": "2006-10-31T00:00:00",
"dateUpdated": "2024-08-07T19:55:53.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0505
Vulnerability from cvelistv5
Published
2008-01-31 19:30
Modified
2024-08-07 07:46
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/27511 | vdb-entry, x_refsource_BID | |
| http://www.waraxe.us/advisory-66.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/487351/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1019285 | vdb-entry, x_refsource_SECTRACK | |
| http://coppermine-gallery.net/forum/index.php?topic=50103.0 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/0367 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/28682 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27511"
},
{
"name": "http://www.waraxe.us/advisory-66.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0505",
"datePublished": "2008-01-31T19:30:00",
"dateReserved": "2008-01-31T00:00:00",
"dateUpdated": "2024-08-07T07:46:55.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1909
Vulnerability from cvelistv5
Published
2006-04-20 18:00
Modified
2024-08-07 17:27
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/19665 | third-party-advisory, x_refsource_SECUNIA | |
| http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/431118/30/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2006/1392 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25866 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/431062 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/17570 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19665"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html"
},
{
"name": "20060416 Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431118/30/0/threaded"
},
{
"name": "ADV-2006-1392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1392"
},
{
"name": "coppermine-index-file-include(25866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25866"
},
{
"name": "20060415 [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431062"
},
{
"name": "17570",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard \"../\" sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19665"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html"
},
{
"name": "20060416 Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431118/30/0/threaded"
},
{
"name": "ADV-2006-1392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1392"
},
{
"name": "coppermine-index-file-include(25866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25866"
},
{
"name": "20060415 [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431062"
},
{
"name": "17570",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard \"../\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19665"
},
{
"name": "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html"
},
{
"name": "20060416 Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431118/30/0/threaded"
},
{
"name": "ADV-2006-1392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1392"
},
{
"name": "coppermine-index-file-include(25866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25866"
},
{
"name": "20060415 [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431062"
},
{
"name": "17570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1909",
"datePublished": "2006-04-20T18:00:00",
"dateReserved": "2006-04-20T00:00:00",
"dateUpdated": "2024-08-07T17:27:29.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1616
Vulnerability from cvelistv5
Published
2009-05-11 20:00
Modified
2024-09-16 22:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/34961 | third-party-advisory, x_refsource_SECUNIA | |
| http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html | x_refsource_CONFIRM | |
| http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/34782 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/54145 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:34.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"name": "34782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34782"
},
{
"name": "54145",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-11T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"name": "34782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34782"
},
{
"name": "54145",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34961"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html"
},
{
"name": "34782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34782"
},
{
"name": "54145",
"refsource": "OSVDB",
"url": "http://osvdb.org/54145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1616",
"datePublished": "2009-05-11T20:00:00Z",
"dateReserved": "2009-05-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:08:47.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4976
Vulnerability from cvelistv5
Published
2007-09-19 18:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://coppermine-gallery.net/forum/index.php?topic=46847.0 | x_refsource_CONFIRM | |
| http://securityreason.com/securityalert/3152 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/479757/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1018704 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/26843 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36660 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/3194 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/25698 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/37101 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-viewlog-file-include(36660)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"name": "37101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-viewlog-file-include(36660)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"name": "37101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "1018704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-viewlog-file-include(36660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"name": "ADV-2007-3194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25698"
},
{
"name": "37101",
"refsource": "OSVDB",
"url": "http://osvdb.org/37101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4976",
"datePublished": "2007-09-19T18:00:00",
"dateReserved": "2007-09-19T00:00:00",
"dateUpdated": "2024-08-07T15:17:27.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6123
Vulnerability from cvelistv5
Published
2006-11-26 23:00
Modified
2024-08-07 20:12
Severity ?
EPSS score ?
Summary
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/27618 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/1914 | third-party-advisory, x_refsource_SREASON | |
| http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html | mailing-list, x_refsource_BUGTRAQ | |
| http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html | x_refsource_MISC | |
| http://secunia.com/advisories/20597 | third-party-advisory, x_refsource_SECUNIA | |
| http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27376 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27618",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27618"
},
{
"name": "1914",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1914"
},
{
"name": "20060623 [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"
},
{
"name": "20597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20597"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev\u0026revision=3133"
},
{
"name": "coppermine-init-security-bypass(27376)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27618",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27618"
},
{
"name": "1914",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1914"
},
{
"name": "20060623 [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"
},
{
"name": "20597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20597"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev\u0026revision=3133"
},
{
"name": "coppermine-init-security-bypass(27376)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27618",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27618"
},
{
"name": "1914",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1914"
},
{
"name": "20060623 [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"
},
{
"name": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"
},
{
"name": "20597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20597"
},
{
"name": "http://svn.sourceforge.net/viewvc/coppermine?view=rev\u0026revision=3133",
"refsource": "CONFIRM",
"url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev\u0026revision=3133"
},
{
"name": "coppermine-init-security-bypass(27376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6123",
"datePublished": "2006-11-26T23:00:00",
"dateReserved": "2006-11-26T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0506
Vulnerability from cvelistv5
Published
2008-01-31 19:30
Modified
2024-08-07 07:46
Severity ?
EPSS score ?
Summary
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.waraxe.us/advisory-65.html | x_refsource_MISC | |
| http://coppermine-gallery.net/forum/index.php?topic=50103.0 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/0367 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/27512 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/28682 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/487310/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1019286 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/5019 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "27512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28682"
},
{
"name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"name": "1019286",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019286"
},
{
"name": "5019",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "27512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28682"
},
{
"name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"name": "1019286",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019286"
},
{
"name": "5019",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-65.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "27512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27512"
},
{
"name": "28682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28682"
},
{
"name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"name": "1019286",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019286"
},
{
"name": "5019",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0506",
"datePublished": "2008-01-31T19:30:00",
"dateReserved": "2008-01-31T00:00:00",
"dateUpdated": "2024-08-07T07:46:55.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1172
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111383800707880&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/13218 | vdb-entry, x_refsource_BID | |
| http://coppermine.sourceforge.net/board/index.php?topic=17134 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/15004 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050418 Vulnerability in Coppermine Photo Gallery 1.3.*",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111383800707880\u0026w=2"
},
{
"name": "13218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.sourceforge.net/board/index.php?topic=17134"
},
{
"name": "15004",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050418 Vulnerability in Coppermine Photo Gallery 1.3.*",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111383800707880\u0026w=2"
},
{
"name": "13218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.sourceforge.net/board/index.php?topic=17134"
},
{
"name": "15004",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050418 Vulnerability in Coppermine Photo Gallery 1.3.*",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111383800707880\u0026w=2"
},
{
"name": "13218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13218"
},
{
"name": "http://coppermine.sourceforge.net/board/index.php?topic=17134",
"refsource": "CONFIRM",
"url": "http://coppermine.sourceforge.net/board/index.php?topic=17134"
},
{
"name": "15004",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1172",
"datePublished": "2005-04-18T04:00:00",
"dateReserved": "2005-04-18T00:00:00",
"dateUpdated": "2024-08-07T21:44:05.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1841
Vulnerability from cvelistv5
Published
2008-04-16 17:00
Modified
2024-08-07 08:40
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/28767 | vdb-entry, x_refsource_BID | |
| http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069 | x_refsource_CONFIRM | |
| http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html | x_refsource_CONFIRM | |
| http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380&r2=4381 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41788 | vdb-entry, x_refsource_XF | |
| http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log | x_refsource_CONFIRM | |
| http://secunia.com/advisories/29741 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"name": "coppermine-coppermineinc-sql-injection(41788)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"name": "29741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"name": "coppermine-coppermineinc-sql-injection(41788)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"name": "29741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28767"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"name": "coppermine-coppermineinc-sql-injection(41788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"name": "29741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1841",
"datePublished": "2008-04-16T17:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2004-04-30 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1_.0 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| francisco_burzi | php-nuke | 6.9 | |
| francisco_burzi | php-nuke | 7.0 | |
| francisco_burzi | php-nuke | 7.0_final | |
| francisco_burzi | php-nuke | 7.1 | |
| francisco_burzi | php-nuke | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E830E59A-57BE-4DE7-9AB4-E8E24359CA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70F6320E-314D-4A8F-BC9A-29F730035C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE03D77-9AA8-4DC6-936D-0459BD26B64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E16D17-B704-4ADA-8F91-B7D96FB52909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA80B501-6EC3-4C8E-A83D-F08FC659CF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87591D05-AC0B-4047-AE5B-69EBEF63ED5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc."
}
],
"id": "CVE-2004-1989",
"lastModified": "2024-11-20T23:52:14.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-30T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5912"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-30 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1_.0 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| francisco_burzi | php-nuke | 6.9 | |
| francisco_burzi | php-nuke | 7.0 | |
| francisco_burzi | php-nuke | 7.0_final | |
| francisco_burzi | php-nuke | 7.1 | |
| francisco_burzi | php-nuke | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E830E59A-57BE-4DE7-9AB4-E8E24359CA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70F6320E-314D-4A8F-BC9A-29F730035C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE03D77-9AA8-4DC6-936D-0459BD26B64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E16D17-B704-4ADA-8F91-B7D96FB52909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA80B501-6EC3-4C8E-A83D-F08FC659CF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87591D05-AC0B-4047-AE5B-69EBEF63ED5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG[\u0027impath\u0027] or (2) $CONFIG[\u0027jpeg_qual\u0027] parameters."
}
],
"id": "CVE-2004-1987",
"lastModified": "2024-11-20T23:52:13.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-30T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5759"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16043"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-07 21:46
Modified
2024-11-21 00:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D50BE511-CBA2-45B3-8604-231F13383EF5",
"versionEndIncluding": "1.4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en displayecard.php de Coppermine Photo Gallery (CPG) anterior a 1.4.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro data."
}
],
"id": "CVE-2007-5888",
"lastModified": "2024-11-21T00:38:52.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-11-07T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38420"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27534"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26357"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-16 17:05
Modified
2024-11-21 00:45
Severity ?
Summary
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * | |
| coppermine | coppermine_photo_gallery | 1.4 | |
| coppermine | coppermine_photo_gallery | 1.4.1 | |
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.3 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.5 | |
| coppermine | coppermine_photo_gallery | 1.4.6 | |
| coppermine | coppermine_photo_gallery | 1.4.7 | |
| coppermine | coppermine_photo_gallery | 1.4.8 | |
| coppermine | coppermine_photo_gallery | 1.4.9 | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 | |
| coppermine | coppermine_photo_gallery | 1.4.13 | |
| coppermine | coppermine_photo_gallery | 1.4.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E0C60B-44DD-4E37-A337-FA887D88346A",
"versionEndIncluding": "1.4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "183F2FD0-A6D4-4F86-98D7-FC7D22443654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45C95857-2002-46F1-88AC-CC34F0B943D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFCDB9A-E808-4EC2-A377-CF17C0B6AFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "709BC7EC-6EAB-4880-B210-F6E154FF7CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C614B6-4BC6-4F77-8D4E-9EBDC69B396C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4E2E91-3BDD-4308-A7FB-6C0EB6F3E115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "492C36B4-FB91-4B29-A3B6-0BFF3EF01A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F6626384-FA55-4B87-801B-554B9E7EC1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "84687B6F-B1A1-4CE0-A199-40CAF3D293C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en upload.php de Coppermine Photo Gallery (CPG) 1.4.16 y anteriores; permite a usuarios autenticados en remoto o a servidores HTTP asistidos por el usuario, ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de la cabecera de respuesta HTTP Content-Type proporcionada por el servidor HTTP que se utiliza para una actualizaci\u00f3n."
}
],
"id": "CVE-2008-1840",
"lastModified": "2024-11-21T00:45:28.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T17:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29795"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/44345"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/44345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-30 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1_.0 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| francisco_burzi | php-nuke | 6.9 | |
| francisco_burzi | php-nuke | 7.0 | |
| francisco_burzi | php-nuke | 7.0_final | |
| francisco_burzi | php-nuke | 7.1 | |
| francisco_burzi | php-nuke | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E830E59A-57BE-4DE7-9AB4-E8E24359CA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70F6320E-314D-4A8F-BC9A-29F730035C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE03D77-9AA8-4DC6-936D-0459BD26B64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E16D17-B704-4ADA-8F91-B7D96FB52909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA80B501-6EC3-4C8E-A83D-F08FC659CF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87591D05-AC0B-4047-AE5B-69EBEF63ED5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php."
}
],
"id": "CVE-2004-1988",
"lastModified": "2024-11-20T23:52:13.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-30T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5761"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16041"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-12 22:02
Modified
2024-11-21 00:12
Severity ?
Summary
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.3 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.5 | |
| coppermine | coppermine_photo_gallery | 1.4.6 | |
| coppermine | coppermine_photo_gallery | 1.4_beta |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFCDB9A-E808-4EC2-A377-CF17C0B6AFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "709BC7EC-6EAB-4880-B210-F6E154FF7CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C614B6-4BC6-4F77-8D4E-9EBDC69B396C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2D1312-5285-4D6C-AAD3-2465527F6796",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors."
}
],
"id": "CVE-2006-2976",
"lastModified": "2024-11-21T00:12:32.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-12T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://coppermine-gallery.net/forum/index.php?topic=32333.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20465"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=423104\u0026group_id=89658"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2185"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://coppermine-gallery.net/forum/index.php?topic=32333.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=423104\u0026group_id=89658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26983"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-31 20:00
Modified
2024-11-21 00:42
Severity ?
Summary
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95F6AC5A-EA42-4B35-891A-C42527F29C67",
"versionEndIncluding": "1.4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
},
{
"lang": "es",
"value": "El archivo include/imageObjectIM.class.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, cuando el m\u00e9todo de procesamiento de im\u00e1genes de ImageMagick es configurado, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el par\u00e1metro (1) quality, (2) angle o (3) clipval en el archivo picEditor.php."
}
],
"id": "CVE-2008-0506",
"lastModified": "2024-11-21T00:42:15.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-31T20:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019286"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "cve@mitre.org",
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-30 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1_.0 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| francisco_burzi | php-nuke | 6.9 | |
| francisco_burzi | php-nuke | 7.0 | |
| francisco_burzi | php-nuke | 7.0_final | |
| francisco_burzi | php-nuke | 7.1 | |
| francisco_burzi | php-nuke | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E830E59A-57BE-4DE7-9AB4-E8E24359CA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70F6320E-314D-4A8F-BC9A-29F730035C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE03D77-9AA8-4DC6-936D-0459BD26B64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E16D17-B704-4ADA-8F91-B7D96FB52909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA80B501-6EC3-4C8E-A83D-F08FC659CF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87591D05-AC0B-4047-AE5B-69EBEF63ED5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter."
}
],
"id": "CVE-2004-1985",
"lastModified": "2024-11-20T23:52:13.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-30T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5757"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "cve@mitre.org",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16040"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-26 23:07
Modified
2024-11-21 00:21
Severity ?
Summary
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.8_stable |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8_stable:*:*:*:*:*:*:*",
"matchCriteriaId": "51EBE501-3EA4-4F88-83C1-05F2198B6E9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected."
},
{
"lang": "es",
"value": "Coppermine Photo Gallery (CPG) 1.4.8 estable, con register_globals activado, permiet a un atacante remoto evitar la protecci\u00f3n XSS y asignar variables de su elecci\u00f3n a trav\u00e9s de una cadena de consulta que provoca que la variable se defina en un espacio global, con los separadores _GET, _REQUEST, u otros par\u00e1metros cr\u00edticos, el cual son desasignados por el esquema de protecci\u00f3n y previenen que la variable original pueda ser detectada."
}
],
"id": "CVE-2006-6123",
"lastModified": "2024-11-21T00:21:52.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-26T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"
},
{
"source": "cve@mitre.org",
"url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20597"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1914"
},
{
"source": "cve@mitre.org",
"url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev\u0026revision=3133"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27618"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev\u0026revision=3133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-23 04:00
Modified
2024-11-21 00:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1_.0 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| coppermine | coppermine_photo_gallery | 1.3 | |
| coppermine | coppermine_photo_gallery | 1.3.2 | |
| coppermine | coppermine_photo_gallery | 1.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E830E59A-57BE-4DE7-9AB4-E8E24359CA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB182E1B-9E32-46CA-9B49-5029107955D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF90F7F-070C-4ABE-8F94-7192F18B1A9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data."
}
],
"id": "CVE-2005-2676",
"lastModified": "2024-11-21T00:00:07.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-23T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=20933.0"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16499"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014799"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=20933.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-19 18:17
Modified
2024-11-21 00:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4 | |
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.9 | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "183F2FD0-A6D4-4F86-98D7-FC7D22443654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mode.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro referer."
}
],
"id": "CVE-2007-4977",
"lastModified": "2024-11-21T00:36:51.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-09-19T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37100"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/26843"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3152"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/26843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-24 01:04
Modified
2024-11-21 00:15
Severity ?
Summary
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B04BAAEE-4047-47BE-AB93-3B3C923EF78F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en cpg.php del componente Coppermine Photo Gallery (com_cpg) 1.0 y anteriores para Mambo permite a atacantes remotos ejecutar c\u00f3digo PHp de su elecci\u00f3n mediante una URL en el par\u00e1metro mosConfig_absolute_path."
}
],
"id": "CVE-2006-4321",
"lastModified": "2024-11-21T00:15:40.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-24T01:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21539"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27970"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19589"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3310"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28413"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2196"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-05-22 22:02
Modified
2024-11-21 00:11
Severity ?
Summary
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * | |
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1.0 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| coppermine | coppermine_photo_gallery | 1.3 | |
| coppermine | coppermine_photo_gallery | 1.3.2 | |
| coppermine | coppermine_photo_gallery | 1.3.3 | |
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.3 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4_beta |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "275AA095-0E63-43AA-A456-B1FE4C0D45AC",
"versionEndIncluding": "1.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E50D96F4-F7D5-4EF7-83B3-CB588FF6D60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB182E1B-9E32-46CA-9B49-5029107955D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF90F7F-070C-4ABE-8F94-7192F18B1A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFCDB9A-E808-4EC2-A377-CF17C0B6AFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2D1312-5285-4D6C-AAD3-2465527F6796",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions."
}
],
"evaluatorSolution": "Product is vulnerable when running on Apache with mod_mime installed.\r\nThis vulnerability is addressed in the following product release:\r\nCoppermine, Photo Gallery, 1.4.6",
"id": "CVE-2006-2514",
"lastModified": "2024-11-21T00:11:28.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-22T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20211"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=418266"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1892"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=418266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26588"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-24 11:02
Modified
2024-11-21 00:07
Severity ?
Summary
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFCDB9A-E808-4EC2-A377-CF17C0B6AFF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter."
}
],
"id": "CVE-2006-0872",
"lastModified": "2024-11-21T00:07:31.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-24T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/cpg_143_incl_xpl.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18941"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1015646"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16718"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/cpg_143_incl_xpl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1015646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24814"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-08 00:28
Modified
2024-11-21 00:26
Severity ?
Summary
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1F67DD-8ED5-4E97-9EBE-3EDC01DE60BB",
"versionEndIncluding": "1.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) \"Path to custom header include\" and (2) \"Path to custom footer include\" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "admin.php en Coppermine Photo Gallery 1.4.10 y, posiblemente en versiones anteriores, permite a usuarios remotos autenticados incluir ficheros locales de su elecci\u00f3n y, posiblemente, tambi\u00e9n ficheros remotos mediante (1) \"ruta a la inclusi\u00f3n de cabecera personalizada\" y (2) \"ruta a la inclusi\u00f3n del pie de p\u00e1gina personalizado\" en los campos de formulario. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se obtienen a partir de la informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-0836",
"lastModified": "2024-11-21T00:26:51.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-08T00:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33094"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24019"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22409"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1_.0 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| coppermine | coppermine_photo_gallery | 1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E830E59A-57BE-4DE7-9AB4-E8E24359CA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB182E1B-9E32-46CA-9B49-5029107955D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter."
}
],
"id": "CVE-2005-1172",
"lastModified": "2024-11-20T23:56:46.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine.sourceforge.net/board/index.php?topic=17134"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111383800707880\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15004"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/13218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine.sourceforge.net/board/index.php?topic=17134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111383800707880\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/13218"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php."
}
],
"id": "CVE-2005-1225",
"lastModified": "2024-11-20T23:56:52.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15004"
},
{
"source": "cve@mitre.org",
"url": "http://www.waraxe.us/advisory-42.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.waraxe.us/advisory-42.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20205"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-04 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1_.0 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| francisco_burzi | php-nuke | 6.9 | |
| francisco_burzi | php-nuke | 7.0 | |
| francisco_burzi | php-nuke | 7.0_final | |
| francisco_burzi | php-nuke | 7.1 | |
| francisco_burzi | php-nuke | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E830E59A-57BE-4DE7-9AB4-E8E24359CA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70F6320E-314D-4A8F-BC9A-29F730035C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE03D77-9AA8-4DC6-936D-0459BD26B64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E16D17-B704-4ADA-8F91-B7D96FB52909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA80B501-6EC3-4C8E-A83D-F08FC659CF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87591D05-AC0B-4047-AE5B-69EBEF63ED5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter."
}
],
"id": "CVE-2004-1986",
"lastModified": "2024-11-20T23:52:13.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-04T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5758"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16042"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-09 02:28
Modified
2024-11-21 00:25
Severity ?
Summary
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1F67DD-8ED5-4E97-9EBE-3EDC01DE60BB",
"versionEndIncluding": "1.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo est\u00e1tico en coppermine Photo Gallery 1.4.10 y anteriores permite a administradores autenticados remotamente ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s del Nombre de Usuario para login.php, el cual es inyectado dentro de un mensaje de error en security.log.php, que puede ser accedido utilizando viewlog.php."
}
],
"id": "CVE-2007-0115",
"lastModified": "2024-11-21T00:25:00.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-09T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33383"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2107"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.attrition.org/pipermail/vim/2007-January/001218.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.attrition.org/pipermail/vim/2007-January/001218.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-12 23:19
Modified
2024-11-21 00:28
Severity ?
Summary
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C07BE5E-DAD8-4B10-B2CD-367E91A714FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de archivo en PHP en Coppermine Photo Gallery (CPG) permiten a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro (1) cmd de (a) image_processor.php or (b) picmgmt.inc.php, o el par\u00e1metro (2) path de (c)include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, o (f) pluginmgr.php."
}
],
"id": "CVE-2007-1414",
"lastModified": "2024-11-21T00:28:15.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-12T23:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2416"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35065"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35066"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35067"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35068"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35069"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35070"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22896"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-20 18:06
Modified
2024-11-21 00:10
Severity ?
Summary
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard \"../\" sequences."
}
],
"id": "CVE-2006-1909",
"lastModified": "2024-11-21T00:10:04.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-20T18:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19665"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/431062"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/431118/30/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17570"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1392"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/431062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/431118/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25866"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-04 16:30
Modified
2024-11-21 00:33
Severity ?
Summary
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1F67DD-8ED5-4E97-9EBE-3EDC01DE60BB",
"versionEndIncluding": "1.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Coppermine Photo Gallery (CPG) anterior a 1.4.11 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante una cookie de contrase\u00f1a de \u00e1lbum para un componente no especificado."
}
],
"id": "CVE-2007-3558",
"lastModified": "2024-11-21T00:33:31.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-04T16:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25846"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24710"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-26 17:28
Modified
2024-11-21 00:27
Severity ?
Summary
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.3 | |
| coppermine | coppermine_photo_gallery | 1.3.2 | |
| coppermine | coppermine_photo_gallery | 1.3.3 | |
| coppermine | coppermine_photo_gallery | 1.3.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB182E1B-9E32-46CA-9B49-5029107955D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF90F7F-070C-4ABE-8F94-7192F18B1A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "91D223FD-D53B-45DA-AB15-B446ADA7B0A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en thumbnails.php en Coppermine Photo Gallery (CPG) 1.3.x permite a usuarios autenticados remotos ejecutar comandos SQL de su elecci\u00f3n mediante una cookie cpg131_fav."
}
],
"id": "CVE-2007-1107",
"lastModified": "2024-11-21T00:27:32.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-26T17:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33133"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2297"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22709"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27372"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3371"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4950"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4961"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information."
}
],
"id": "CVE-2005-1226",
"lastModified": "2024-11-20T23:56:53.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.waraxe.us/advisory-42.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111402186304179\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.waraxe.us/advisory-42.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20206"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-19 10:02
Modified
2024-11-21 00:12
Severity ?
Summary
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "492C36B4-FB91-4B29-A3B6-0BFF3EF01A87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when \"Keep detailed hit statistics\" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n include/function.inc.php en Coppermine Photo Gallery (CPG) v1.4.8, cuando \"Keep detailed hit statistics\" est\u00e1 activada, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de la (1) referer y (2) agentes de usuario los encabezados HTTP."
}
],
"id": "CVE-2006-3064",
"lastModified": "2024-11-21T00:12:44.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-19T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20597"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/436799/30/4470/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436799/30/4470/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2317"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-16 17:05
Modified
2024-11-21 00:45
Severity ?
Summary
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.2.0 | |
| coppermine | coppermine_photo_gallery | 1.2.0rc2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.3.0 | |
| coppermine | coppermine_photo_gallery | 1.3.1 | |
| coppermine | coppermine_photo_gallery | 1.3.2 | |
| coppermine | coppermine_photo_gallery | 1.3.3 | |
| coppermine | coppermine_photo_gallery | 1.3.5 | |
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.5 | |
| coppermine | coppermine_photo_gallery | 1.4.6 | |
| coppermine | coppermine_photo_gallery | 1.4.7 | |
| coppermine | coppermine_photo_gallery | 1.4.8 | |
| coppermine | coppermine_photo_gallery | 1.4.9 | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 | |
| coppermine | coppermine_photo_gallery | 1.4.13 | |
| coppermine | coppermine_photo_gallery | 1.4.14 | |
| coppermine | coppermine_photo_gallery | 1.4.16 | |
| coppermine | coppermine_photo_gallery | 1.4.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C650302F-3CE7-43FB-A125-E753053BCE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "04F386E8-4F1F-498A-93A9-5F69E70BF131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36144FFF-3FC8-4C73-9FD1-3AA870BFF85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C04B35-6E90-4348-A954-02972BBBD0B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF90F7F-070C-4ABE-8F94-7192F18B1A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E82C8348-DA66-4F92-A6B9-2F150AEF5E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "709BC7EC-6EAB-4880-B210-F6E154FF7CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C614B6-4BC6-4F77-8D4E-9EBDC69B396C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4E2E91-3BDD-4308-A7FB-6C0EB6F3E115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "492C36B4-FB91-4B29-A3B6-0BFF3EF01A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F6626384-FA55-4B87-801B-554B9E7EC1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "84687B6F-B1A1-4CE0-A199-40CAF3D293C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "06A2C9AC-7A77-4EE5-9F12-BD203FE08108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "50DB1549-0A92-4A3A-AAC1-931B0E394647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funcionalidad de manejo de sesi\u00f3n en bridge/coppermine.inc.php de Coppermine Photo Gallery (CPG) 1.4.17 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de un campo de entrada asociado con la variable session_id, tal y como se realiza en exploits p\u00fablicos desde Abril del 2008.\r\nNOTA: el parche para CVE-2008-1840 ten\u00eda el prop\u00f3sito de abordar esta vulnerabilidad, pero es actualmente inaplicable."
}
],
"id": "CVE-2008-1841",
"lastModified": "2024-11-21T00:45:28.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T17:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"source": "cve@mitre.org",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29741"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-19 18:17
Modified
2024-11-21 00:36
Severity ?
Summary
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4 | |
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.9 | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "183F2FD0-A6D4-4F86-98D7-FC7D22443654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en viewlog.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a administradores remotos autenticados incluir y ejecutar ficheros locales mediante secuencias .. (punto punto) en el par\u00e1metro log."
}
],
"id": "CVE-2007-4976",
"lastModified": "2024-11-21T00:36:51.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-19T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37101"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26843"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3152"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-08 00:28
Modified
2024-11-21 00:26
Severity ?
Summary
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1F67DD-8ED5-4E97-9EBE-3EDC01DE60BB",
"versionEndIncluding": "1.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (\";\" semicolon) in the \"Command line options for ImageMagick\" form field, when used as an option to ImageMagick\u0027s convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "admin.php en Coppermine Photo Gallery 1.4.10 y, posiblemente en versiones anteriores, permite a usuarios remotos autenticados ejecutar comandos del int\u00e9rprete de comandos (shell) de su elecci\u00f3n mediante metacaracteres del shell (\";\" punto y coma) en las \"Opciones de la l\u00ednea de comandos para el ImageMagick\" para el campo de formulario, cuando es usado como una opci\u00f3n del comando de conversi\u00f3n del ImageMagick. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se obtienen a partir de la informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-0835",
"lastModified": "2024-11-21T00:26:51.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-08T00:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33093"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24019"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22406"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-09 21:17
Modified
2024-11-21 00:35
Severity ?
Summary
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C04B35-6E90-4348-A954-02972BBBD0B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en bridge/yabbse.inc.php de Coppermine Photo Gallery (CPG) 1.3.1 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro sourcedir."
}
],
"id": "CVE-2007-4283",
"lastModified": "2024-11-21T00:35:13.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-09T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38710"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2989"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25243"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-31 20:00
Modified
2024-11-21 00:42
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 | |
| coppermine | coppermine_photo_gallery | 1.4.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95F6AC5A-EA42-4B35-891A-C42527F29C67",
"versionEndIncluding": "1.4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F6626384-FA55-4B87-801B-554B9E7EC1F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo docs/showdoc.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) h y (2) t."
}
],
"id": "CVE-2008-0505",
"lastModified": "2024-11-21T00:42:15.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-01-31T20:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "cve@mitre.org",
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.waraxe.us/advisory-66.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-11 20:30
Modified
2024-11-21 01:02
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.22 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A0B6A-B8F7-4A2C-B290-FB4794D1D3F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el fichero docs/showdoc.php de Coppermine Photo Gallery (CPG), antes de la versi\u00f3n 1.4.22 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s del par\u00e1metro css. Se trata de un vector diferente que CVE-2008-0505."
}
],
"id": "CVE-2009-1616",
"lastModified": "2024-11-21T01:02:54.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-11T20:30:00.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54145"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34961"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34782"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-05-02 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1_.0 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| francisco_burzi | php-nuke | 6.9 | |
| francisco_burzi | php-nuke | 7.0 | |
| francisco_burzi | php-nuke | 7.0_final | |
| francisco_burzi | php-nuke | 7.1 | |
| francisco_burzi | php-nuke | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E830E59A-57BE-4DE7-9AB4-E8E24359CA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70F6320E-314D-4A8F-BC9A-29F730035C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE03D77-9AA8-4DC6-936D-0459BD26B64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E16D17-B704-4ADA-8F91-B7D96FB52909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA80B501-6EC3-4C8E-A83D-F08FC659CF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87591D05-AC0B-4047-AE5B-69EBEF63ED5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message."
}
],
"id": "CVE-2004-1984",
"lastModified": "2024-11-20T23:52:13.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5756"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6495"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6496"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6497"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6498"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6499"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6500"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360247732014\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16039"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-24 11:02
Modified
2024-11-21 00:07
Severity ?
Summary
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFCDB9A-E808-4EC2-A377-CF17C0B6AFF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames."
}
],
"id": "CVE-2006-0873",
"lastModified": "2024-11-21T00:07:32.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-24T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18941"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1015646"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16718"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1015646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24816"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-31 20:07
Modified
2024-11-21 00:19
Severity ?
Summary
SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en picmgr.php en Coppermine Photo Gallery 1.4.9 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro aid."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCoppermine, Photo Gallery, 1.4.10",
"id": "CVE-2006-5622",
"lastModified": "2024-11-21T00:19:56.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-31T20:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=37895.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22625"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20774"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4226"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=37895.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-09 02:28
Modified
2024-11-21 00:25
Severity ?
Summary
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * | |
| coppermine | coppermine_photo_gallery | 1.0 | |
| coppermine | coppermine_photo_gallery | 1.0_rc3 | |
| coppermine | coppermine_photo_gallery | 1.1 | |
| coppermine | coppermine_photo_gallery | 1.1_beta_2 | |
| coppermine | coppermine_photo_gallery | 1.2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.2.2_b | |
| coppermine | coppermine_photo_gallery | 1.2.2_b-nuke | |
| coppermine | coppermine_photo_gallery | 1.3 | |
| coppermine | coppermine_photo_gallery | 1.3.2 | |
| coppermine | coppermine_photo_gallery | 1.3.3 | |
| coppermine | coppermine_photo_gallery | 1.3.4 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1F67DD-8ED5-4E97-9EBE-3EDC01DE60BB",
"versionEndIncluding": "1.4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B04BAAEE-4047-47BE-AB93-3B3C923EF78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "304B545E-1B2D-4794-B007-9562C027469D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
"matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke:*:*:*:*:*:*:*",
"matchCriteriaId": "2C635ED6-287F-426A-B19A-B92FB8A5CC3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB182E1B-9E32-46CA-9B49-5029107955D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF90F7F-070C-4ABE-8F94-7192F18B1A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "91D223FD-D53B-45DA-AB15-B446ADA7B0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Coppermine Photo Gallery 1.4.10 y anteriores permiten a administradores autenticados remotamente ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) cat de albmgr.php, y posiblemente (2) el par\u00e1metro gid de usermgr.php; (3) el par\u00e1metro start de db_ecard.php; y el par\u00e1metro albumid de archivos no especificados, relacionados con las funciones (4) filename_to_title y (5) del_titles."
}
],
"id": "CVE-2007-0122",
"lastModified": "2024-11-21T00:25:01.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-09T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35852"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35853"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35854"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35855"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35856"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25846"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2123"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/21894"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://acid-root.new.fr/poc/19070104.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/21894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3085"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}