Search criteria
105 vulnerabilities found for coppermine_photo_gallery by coppermine
FKIE_CVE-2009-1616
Vulnerability from fkie_nvd - Published: 2009-05-11 20:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.22 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A0B6A-B8F7-4A2C-B290-FB4794D1D3F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el fichero docs/showdoc.php de Coppermine Photo Gallery (CPG), antes de la versi\u00f3n 1.4.22 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s del par\u00e1metro css. Se trata de un vector diferente que CVE-2008-0505."
}
],
"id": "CVE-2009-1616",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-11T20:30:00.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54145"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34961"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34782"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1841
Vulnerability from fkie_nvd - Published: 2008-04-16 17:05 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.2.0 | |
| coppermine | coppermine_photo_gallery | 1.2.0rc2 | |
| coppermine | coppermine_photo_gallery | 1.2.1 | |
| coppermine | coppermine_photo_gallery | 1.3.0 | |
| coppermine | coppermine_photo_gallery | 1.3.1 | |
| coppermine | coppermine_photo_gallery | 1.3.2 | |
| coppermine | coppermine_photo_gallery | 1.3.3 | |
| coppermine | coppermine_photo_gallery | 1.3.5 | |
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.5 | |
| coppermine | coppermine_photo_gallery | 1.4.6 | |
| coppermine | coppermine_photo_gallery | 1.4.7 | |
| coppermine | coppermine_photo_gallery | 1.4.8 | |
| coppermine | coppermine_photo_gallery | 1.4.9 | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 | |
| coppermine | coppermine_photo_gallery | 1.4.13 | |
| coppermine | coppermine_photo_gallery | 1.4.14 | |
| coppermine | coppermine_photo_gallery | 1.4.16 | |
| coppermine | coppermine_photo_gallery | 1.4.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C650302F-3CE7-43FB-A125-E753053BCE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "04F386E8-4F1F-498A-93A9-5F69E70BF131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36144FFF-3FC8-4C73-9FD1-3AA870BFF85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C04B35-6E90-4348-A954-02972BBBD0B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF90F7F-070C-4ABE-8F94-7192F18B1A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E82C8348-DA66-4F92-A6B9-2F150AEF5E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "709BC7EC-6EAB-4880-B210-F6E154FF7CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C614B6-4BC6-4F77-8D4E-9EBDC69B396C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4E2E91-3BDD-4308-A7FB-6C0EB6F3E115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "492C36B4-FB91-4B29-A3B6-0BFF3EF01A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F6626384-FA55-4B87-801B-554B9E7EC1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "84687B6F-B1A1-4CE0-A199-40CAF3D293C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "06A2C9AC-7A77-4EE5-9F12-BD203FE08108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "50DB1549-0A92-4A3A-AAC1-931B0E394647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funcionalidad de manejo de sesi\u00f3n en bridge/coppermine.inc.php de Coppermine Photo Gallery (CPG) 1.4.17 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de un campo de entrada asociado con la variable session_id, tal y como se realiza en exploits p\u00fablicos desde Abril del 2008.\r\nNOTA: el parche para CVE-2008-1840 ten\u00eda el prop\u00f3sito de abordar esta vulnerabilidad, pero es actualmente inaplicable."
}
],
"id": "CVE-2008-1841",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T17:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"source": "cve@mitre.org",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29741"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1840
Vulnerability from fkie_nvd - Published: 2008-04-16 17:05 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * | |
| coppermine | coppermine_photo_gallery | 1.4 | |
| coppermine | coppermine_photo_gallery | 1.4.1 | |
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.3 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.5 | |
| coppermine | coppermine_photo_gallery | 1.4.6 | |
| coppermine | coppermine_photo_gallery | 1.4.7 | |
| coppermine | coppermine_photo_gallery | 1.4.8 | |
| coppermine | coppermine_photo_gallery | 1.4.9 | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 | |
| coppermine | coppermine_photo_gallery | 1.4.13 | |
| coppermine | coppermine_photo_gallery | 1.4.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E0C60B-44DD-4E37-A337-FA887D88346A",
"versionEndIncluding": "1.4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "183F2FD0-A6D4-4F86-98D7-FC7D22443654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45C95857-2002-46F1-88AC-CC34F0B943D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFCDB9A-E808-4EC2-A377-CF17C0B6AFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "709BC7EC-6EAB-4880-B210-F6E154FF7CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C614B6-4BC6-4F77-8D4E-9EBDC69B396C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4E2E91-3BDD-4308-A7FB-6C0EB6F3E115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "492C36B4-FB91-4B29-A3B6-0BFF3EF01A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F6626384-FA55-4B87-801B-554B9E7EC1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "84687B6F-B1A1-4CE0-A199-40CAF3D293C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en upload.php de Coppermine Photo Gallery (CPG) 1.4.16 y anteriores; permite a usuarios autenticados en remoto o a servidores HTTP asistidos por el usuario, ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de la cabecera de respuesta HTTP Content-Type proporcionada por el servidor HTTP que se utiliza para una actualizaci\u00f3n."
}
],
"id": "CVE-2008-1840",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T17:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29795"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/44345"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/44345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0505
Vulnerability from fkie_nvd - Published: 2008-01-31 20:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 | |
| coppermine | coppermine_photo_gallery | 1.4.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95F6AC5A-EA42-4B35-891A-C42527F29C67",
"versionEndIncluding": "1.4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F6626384-FA55-4B87-801B-554B9E7EC1F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo docs/showdoc.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) h y (2) t."
}
],
"id": "CVE-2008-0505",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-01-31T20:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "cve@mitre.org",
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.waraxe.us/advisory-66.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0506
Vulnerability from fkie_nvd - Published: 2008-01-31 20:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95F6AC5A-EA42-4B35-891A-C42527F29C67",
"versionEndIncluding": "1.4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
},
{
"lang": "es",
"value": "El archivo include/imageObjectIM.class.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, cuando el m\u00e9todo de procesamiento de im\u00e1genes de ImageMagick es configurado, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el par\u00e1metro (1) quality, (2) angle o (3) clipval en el archivo picEditor.php."
}
],
"id": "CVE-2008-0506",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-31T20:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019286"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "cve@mitre.org",
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5888
Vulnerability from fkie_nvd - Published: 2007-11-07 21:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D50BE511-CBA2-45B3-8604-231F13383EF5",
"versionEndIncluding": "1.4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en displayecard.php de Coppermine Photo Gallery (CPG) anterior a 1.4.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro data."
}
],
"id": "CVE-2007-5888",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-11-07T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38420"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27534"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26357"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4977
Vulnerability from fkie_nvd - Published: 2007-09-19 18:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4 | |
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.9 | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "183F2FD0-A6D4-4F86-98D7-FC7D22443654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mode.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro referer."
}
],
"id": "CVE-2007-4977",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-09-19T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37100"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/26843"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3152"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/26843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4976
Vulnerability from fkie_nvd - Published: 2007-09-19 18:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4 | |
| coppermine | coppermine_photo_gallery | 1.4.2 | |
| coppermine | coppermine_photo_gallery | 1.4.4 | |
| coppermine | coppermine_photo_gallery | 1.4.9 | |
| coppermine | coppermine_photo_gallery | 1.4.10 | |
| coppermine | coppermine_photo_gallery | 1.4.11 | |
| coppermine | coppermine_photo_gallery | 1.4.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "183F2FD0-A6D4-4F86-98D7-FC7D22443654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA317DD-C804-4349-9BDC-B23FAE493516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BCC40D-EF9C-4843-9183-EA725C9C03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D02234-2729-499B-A686-F1F85401FEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E21C42CB-86B1-4EC1-A508-809316F83CC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en viewlog.php de Coppermine Photo Gallery (CPG) 1.4.12 y anteriores permite a administradores remotos autenticados incluir y ejecutar ficheros locales mediante secuencias .. (punto punto) en el par\u00e1metro log."
}
],
"id": "CVE-2007-4976",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-19T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37101"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26843"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3152"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4283
Vulnerability from fkie_nvd - Published: 2007-08-09 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | 1.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C04B35-6E90-4348-A954-02972BBBD0B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en bridge/yabbse.inc.php de Coppermine Photo Gallery (CPG) 1.3.1 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro sourcedir."
}
],
"id": "CVE-2007-4283",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-09T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38710"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2989"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25243"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3558
Vulnerability from fkie_nvd - Published: 2007-07-04 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1F67DD-8ED5-4E97-9EBE-3EDC01DE60BB",
"versionEndIncluding": "1.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Coppermine Photo Gallery (CPG) anterior a 1.4.11 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante una cookie de contrase\u00f1a de \u00e1lbum para un componente no especificado."
}
],
"id": "CVE-2007-3558",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-04T16:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25846"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24710"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-1616 (GCVE-0-2009-1616)
Vulnerability from cvelistv5 – Published: 2009-05-11 20:00 – Updated: 2024-09-16 22:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:34.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"name": "34782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34782"
},
{
"name": "54145",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-11T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"name": "34782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34782"
},
{
"name": "54145",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34961"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html"
},
{
"name": "34782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34782"
},
{
"name": "54145",
"refsource": "OSVDB",
"url": "http://osvdb.org/54145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1616",
"datePublished": "2009-05-11T20:00:00Z",
"dateReserved": "2009-05-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:08:47.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1841 (GCVE-0-2008-1841)
Vulnerability from cvelistv5 – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"name": "coppermine-coppermineinc-sql-injection(41788)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"name": "29741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"name": "coppermine-coppermineinc-sql-injection(41788)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"name": "29741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28767"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"name": "coppermine-coppermineinc-sql-injection(41788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"name": "29741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1841",
"datePublished": "2008-04-16T17:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1840 (GCVE-0-2008-1840)
Vulnerability from cvelistv5 – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coppermine-upload-sql-injection(41784)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "28766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"name": "29795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29795"
},
{
"name": "44345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "coppermine-upload-sql-injection(41784)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "28766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"name": "29795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29795"
},
{
"name": "44345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-upload-sql-injection(41784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "28766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28766"
},
{
"name": "29795",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29795"
},
{
"name": "44345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44345"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1840",
"datePublished": "2008-04-16T17:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0506 (GCVE-0-2008-0506)
Vulnerability from cvelistv5 – Published: 2008-01-31 19:30 – Updated: 2024-08-07 07:46
VLAI?
Summary
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "27512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28682"
},
{
"name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"name": "1019286",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019286"
},
{
"name": "5019",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "27512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28682"
},
{
"name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"name": "1019286",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019286"
},
{
"name": "5019",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-65.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "27512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27512"
},
{
"name": "28682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28682"
},
{
"name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"name": "1019286",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019286"
},
{
"name": "5019",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0506",
"datePublished": "2008-01-31T19:30:00",
"dateReserved": "2008-01-31T00:00:00",
"dateUpdated": "2024-08-07T07:46:55.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0505 (GCVE-0-2008-0505)
Vulnerability from cvelistv5 – Published: 2008-01-31 19:30 – Updated: 2024-08-07 07:46
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27511"
},
{
"name": "http://www.waraxe.us/advisory-66.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0505",
"datePublished": "2008-01-31T19:30:00",
"dateReserved": "2008-01-31T00:00:00",
"dateUpdated": "2024-08-07T07:46:55.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5888 (GCVE-0-2007-5888)
Vulnerability from cvelistv5 – Published: 2007-11-07 21:00 – Updated: 2024-08-07 15:47
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27534"
},
{
"name": "coppermine-displayecard-xss(38290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"name": "26357",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26357"
},
{
"name": "38420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38420"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27534"
},
{
"name": "coppermine-displayecard-xss(38290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"name": "26357",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26357"
},
{
"name": "38420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38420"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27534"
},
{
"name": "coppermine-displayecard-xss(38290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"name": "26357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26357"
},
{
"name": "38420",
"refsource": "OSVDB",
"url": "http://osvdb.org/38420"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=48106.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5888",
"datePublished": "2007-11-07T21:00:00",
"dateReserved": "2007-11-07T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4977 (GCVE-0-2007-4977)
Vulnerability from cvelistv5 – Published: 2007-09-19 18:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "37100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37100"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-mode-xss(36659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "37100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37100"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-mode-xss(36659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "37100",
"refsource": "OSVDB",
"url": "http://osvdb.org/37100"
},
{
"name": "1018704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-mode-xss(36659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"name": "ADV-2007-3194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4977",
"datePublished": "2007-09-19T18:00:00",
"dateReserved": "2007-09-19T00:00:00",
"dateUpdated": "2024-08-07T15:17:27.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4976 (GCVE-0-2007-4976)
Vulnerability from cvelistv5 – Published: 2007-09-19 18:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-viewlog-file-include(36660)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"name": "37101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-viewlog-file-include(36660)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"name": "37101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "1018704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-viewlog-file-include(36660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"name": "ADV-2007-3194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25698"
},
{
"name": "37101",
"refsource": "OSVDB",
"url": "http://osvdb.org/37101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4976",
"datePublished": "2007-09-19T18:00:00",
"dateReserved": "2007-09-19T00:00:00",
"dateUpdated": "2024-08-07T15:17:27.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4283 (GCVE-0-2007-4283)
Vulnerability from cvelistv5 – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"refsource": "OSVDB",
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4283",
"datePublished": "2007-08-09T21:00:00",
"dateReserved": "2007-08-09T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3558 (GCVE-0-2007-3558)
Vulnerability from cvelistv5 – Published: 2007-07-04 16:00 – Updated: 2024-09-16 18:48
VLAI?
Summary
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25846"
},
{
"name": "24710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-04T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25846"
},
{
"name": "24710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25846"
},
{
"name": "24710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24710"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=44845.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3558",
"datePublished": "2007-07-04T16:00:00Z",
"dateReserved": "2007-07-04T00:00:00Z",
"dateUpdated": "2024-09-16T18:48:53.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1616 (GCVE-0-2009-1616)
Vulnerability from nvd – Published: 2009-05-11 20:00 – Updated: 2024-09-16 22:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:34.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"name": "34782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34782"
},
{
"name": "54145",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-11T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
},
{
"name": "34782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34782"
},
{
"name": "54145",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34961"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html"
},
{
"name": "34782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34782"
},
{
"name": "54145",
"refsource": "OSVDB",
"url": "http://osvdb.org/54145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1616",
"datePublished": "2009-05-11T20:00:00Z",
"dateReserved": "2009-05-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:08:47.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1841 (GCVE-0-2008-1841)
Vulnerability from nvd – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"name": "coppermine-coppermineinc-sql-injection(41788)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"name": "29741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28767"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"name": "coppermine-coppermineinc-sql-injection(41788)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"name": "29741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28767"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
},
{
"name": "coppermine-coppermineinc-sql-injection(41788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
},
{
"name": "29741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1841",
"datePublished": "2008-04-16T17:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1840 (GCVE-0-2008-1840)
Vulnerability from nvd – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coppermine-upload-sql-injection(41784)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "28766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"name": "29795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29795"
},
{
"name": "44345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "coppermine-upload-sql-injection(41784)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "28766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28766"
},
{
"name": "29795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29795"
},
{
"name": "44345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-upload-sql-injection(41784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
},
{
"name": "28766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28766"
},
{
"name": "29795",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29795"
},
{
"name": "44345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44345"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1840",
"datePublished": "2008-04-16T17:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0506 (GCVE-0-2008-0506)
Vulnerability from nvd – Published: 2008-01-31 19:30 – Updated: 2024-08-07 07:46
VLAI?
Summary
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "27512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28682"
},
{
"name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"name": "1019286",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019286"
},
{
"name": "5019",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "27512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27512"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28682"
},
{
"name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"name": "1019286",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019286"
},
{
"name": "5019",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-65.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-65.html"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "27512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27512"
},
{
"name": "28682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28682"
},
{
"name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
},
{
"name": "1019286",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019286"
},
{
"name": "5019",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0506",
"datePublished": "2008-01-31T19:30:00",
"dateReserved": "2008-01-31T00:00:00",
"dateUpdated": "2024-08-07T07:46:55.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0505 (GCVE-0-2008-0505)
Vulnerability from nvd – Published: 2008-01-31 19:30 – Updated: 2024-08-07 07:46
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27511"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27511"
},
{
"name": "http://www.waraxe.us/advisory-66.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0505",
"datePublished": "2008-01-31T19:30:00",
"dateReserved": "2008-01-31T00:00:00",
"dateUpdated": "2024-08-07T07:46:55.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5888 (GCVE-0-2007-5888)
Vulnerability from nvd – Published: 2007-11-07 21:00 – Updated: 2024-08-07 15:47
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27534"
},
{
"name": "coppermine-displayecard-xss(38290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"name": "26357",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26357"
},
{
"name": "38420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38420"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27534"
},
{
"name": "coppermine-displayecard-xss(38290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"name": "26357",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26357"
},
{
"name": "38420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38420"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27534"
},
{
"name": "coppermine-displayecard-xss(38290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
},
{
"name": "26357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26357"
},
{
"name": "38420",
"refsource": "OSVDB",
"url": "http://osvdb.org/38420"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=48106.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5888",
"datePublished": "2007-11-07T21:00:00",
"dateReserved": "2007-11-07T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4977 (GCVE-0-2007-4977)
Vulnerability from nvd – Published: 2007-09-19 18:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "37100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37100"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-mode-xss(36659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "37100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37100"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-mode-xss(36659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "37100",
"refsource": "OSVDB",
"url": "http://osvdb.org/37100"
},
{
"name": "1018704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-mode-xss(36659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
},
{
"name": "ADV-2007-3194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4977",
"datePublished": "2007-09-19T18:00:00",
"dateReserved": "2007-09-19T00:00:00",
"dateUpdated": "2024-08-07T15:17:27.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4976 (GCVE-0-2007-4976)
Vulnerability from nvd – Published: 2007-09-19 18:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-viewlog-file-include(36660)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"name": "37101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "1018704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-viewlog-file-include(36660)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"name": "ADV-2007-3194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25698"
},
{
"name": "37101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
},
{
"name": "3152",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3152"
},
{
"name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
},
{
"name": "1018704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018704"
},
{
"name": "26843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26843"
},
{
"name": "coppermine-viewlog-file-include(36660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
},
{
"name": "ADV-2007-3194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3194"
},
{
"name": "25698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25698"
},
{
"name": "37101",
"refsource": "OSVDB",
"url": "http://osvdb.org/37101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4976",
"datePublished": "2007-09-19T18:00:00",
"dateReserved": "2007-09-19T00:00:00",
"dateUpdated": "2024-08-07T15:17:27.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4283 (GCVE-0-2007-4283)
Vulnerability from nvd – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"refsource": "OSVDB",
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4283",
"datePublished": "2007-08-09T21:00:00",
"dateReserved": "2007-08-09T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3558 (GCVE-0-2007-3558)
Vulnerability from nvd – Published: 2007-07-04 16:00 – Updated: 2024-09-16 18:48
VLAI?
Summary
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25846"
},
{
"name": "24710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-04T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25846"
},
{
"name": "24710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25846"
},
{
"name": "24710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24710"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=44845.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3558",
"datePublished": "2007-07-04T16:00:00Z",
"dateReserved": "2007-07-04T00:00:00Z",
"dateUpdated": "2024-09-16T18:48:53.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}