Search criteria
56 vulnerabilities found for coppermine_photo_gallery by coppermine-gallery
CVE-2023-53868 (GCVE-0-2023-53868)
Vulnerability from nvd – Published: 2025-12-15 20:22 – Updated: 2025-12-15 21:48
VLAI?
Title
Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload
Summary
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Coppermine | coppermine-gallery |
Affected:
1.6.25
|
Credits
Mirabbas Ağalarov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53868",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:41:48.437858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:48:36.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51738"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "coppermine-gallery",
"vendor": "Coppermine",
"versions": [
{
"status": "affected",
"version": "1.6.25"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mirabbas A\u011falarov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCoppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.\u003c/p\u003e"
}
],
"value": "Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:26:01.471Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51738",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51738"
},
{
"name": "Coppermine Gallery Archived Product Webpage",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20240101151648/https://coppermine-gallery.net/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/coppermine-gallery-remote-code-execution-via-plugin-upload"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53868",
"datePublished": "2025-12-15T20:22:36.778Z",
"dateReserved": "2025-12-13T14:25:04.997Z",
"dateUpdated": "2025-12-15T21:48:36.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-14478 (GCVE-0-2018-14478)
Vulnerability from nvd – Published: 2019-05-07 17:41 – Updated: 2024-08-05 09:29
VLAI?
Summary
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T17:41:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/board,58.0.html",
"refsource": "MISC",
"url": "http://forum.coppermine-gallery.net/index.php/board,58.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14478",
"datePublished": "2019-05-07T17:41:50",
"dateReserved": "2018-07-20T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4612 (GCVE-0-2014-4612)
Vulnerability from nvd – Published: 2018-03-16 17:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-16T16:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68140"
},
{
"name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"name": "http://sourceforge.net/p/coppermine/code/8674",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html"
},
{
"name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4612",
"datePublished": "2018-03-16T17:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6528 (GCVE-0-2015-6528)
Vulnerability from nvd – Published: 2015-08-20 20:00 – Updated: 2024-09-17 01:07
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-20T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6528",
"datePublished": "2015-08-20T20:00:00Z",
"dateReserved": "2015-08-20T00:00:00Z",
"dateUpdated": "2024-09-17T01:07:09.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3923 (GCVE-0-2015-3923)
Vulnerability from nvd – Published: 2015-06-10 18:00 – Updated: 2024-08-06 05:56
VLAI?
Summary
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75140"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "75140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75140"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75140"
},
{
"name": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3923",
"datePublished": "2015-06-10T18:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3922 (GCVE-0-2015-3922)
Vulnerability from nvd – Published: 2015-05-27 18:00 – Updated: 2024-08-06 05:56
VLAI?
Summary
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "74869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74869"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "74869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74869"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "74869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74869"
},
{
"name": "1032558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3922",
"datePublished": "2015-05-27T18:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3921 (GCVE-0-2015-3921)
Vulnerability from nvd – Published: 2015-05-27 18:00 – Updated: 2024-08-06 05:56
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "74872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74872"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "74872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74872"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "74872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74872"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3921",
"datePublished": "2015-05-27T18:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1613 (GCVE-0-2012-1613)
Vulnerability from nvd – Published: 2012-09-04 20:00 – Updated: 2024-09-16 20:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "80731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80731"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "48643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48643"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "80731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80731"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "48643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48643"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"name": "http://www.waraxe.us/advisory-81.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "80731",
"refsource": "OSVDB",
"url": "http://osvdb.org/80731"
},
{
"name": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "48643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48643"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "52818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1613",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-16T20:53:22.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1614 (GCVE-0-2012-1614)
Vulnerability from nvd – Published: 2012-09-04 20:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "80734",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80734"
},
{
"name": "80735",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80735"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "80732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80732"
},
{
"name": "80733",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80733"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "80734",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80734"
},
{
"name": "80735",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80735"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "80732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80732"
},
{
"name": "80733",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80733"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"name": "http://www.waraxe.us/advisory-81.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "80734",
"refsource": "OSVDB",
"url": "http://osvdb.org/80734"
},
{
"name": "80735",
"refsource": "OSVDB",
"url": "http://osvdb.org/80735"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "80732",
"refsource": "OSVDB",
"url": "http://osvdb.org/80732"
},
{
"name": "80733",
"refsource": "OSVDB",
"url": "http://osvdb.org/80733"
},
{
"name": "52818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1614",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:42.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3722 (GCVE-0-2011-3722)
Vulnerability from nvd – Published: 2011-09-23 23:00 – Updated: 2024-09-16 23:20
VLAI?
Summary
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3722",
"datePublished": "2011-09-23T23:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T23:20:32.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53868 (GCVE-0-2023-53868)
Vulnerability from cvelistv5 – Published: 2025-12-15 20:22 – Updated: 2025-12-15 21:48
VLAI?
Title
Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload
Summary
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Coppermine | coppermine-gallery |
Affected:
1.6.25
|
Credits
Mirabbas Ağalarov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53868",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:41:48.437858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:48:36.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51738"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "coppermine-gallery",
"vendor": "Coppermine",
"versions": [
{
"status": "affected",
"version": "1.6.25"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mirabbas A\u011falarov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCoppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.\u003c/p\u003e"
}
],
"value": "Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:26:01.471Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51738",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51738"
},
{
"name": "Coppermine Gallery Archived Product Webpage",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20240101151648/https://coppermine-gallery.net/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/coppermine-gallery-remote-code-execution-via-plugin-upload"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53868",
"datePublished": "2025-12-15T20:22:36.778Z",
"dateReserved": "2025-12-13T14:25:04.997Z",
"dateUpdated": "2025-12-15T21:48:36.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-14478 (GCVE-0-2018-14478)
Vulnerability from cvelistv5 – Published: 2019-05-07 17:41 – Updated: 2024-08-05 09:29
VLAI?
Summary
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T17:41:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/board,58.0.html",
"refsource": "MISC",
"url": "http://forum.coppermine-gallery.net/index.php/board,58.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14478",
"datePublished": "2019-05-07T17:41:50",
"dateReserved": "2018-07-20T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4612 (GCVE-0-2014-4612)
Vulnerability from cvelistv5 – Published: 2018-03-16 17:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-16T16:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68140"
},
{
"name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"name": "http://sourceforge.net/p/coppermine/code/8674",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html"
},
{
"name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4612",
"datePublished": "2018-03-16T17:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6528 (GCVE-0-2015-6528)
Vulnerability from cvelistv5 – Published: 2015-08-20 20:00 – Updated: 2024-09-17 01:07
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-20T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6528",
"datePublished": "2015-08-20T20:00:00Z",
"dateReserved": "2015-08-20T00:00:00Z",
"dateUpdated": "2024-09-17T01:07:09.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3923 (GCVE-0-2015-3923)
Vulnerability from cvelistv5 – Published: 2015-06-10 18:00 – Updated: 2024-08-06 05:56
VLAI?
Summary
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75140"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "75140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75140"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75140"
},
{
"name": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3923",
"datePublished": "2015-06-10T18:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3922 (GCVE-0-2015-3922)
Vulnerability from cvelistv5 – Published: 2015-05-27 18:00 – Updated: 2024-08-06 05:56
VLAI?
Summary
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "74869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74869"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "74869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74869"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "74869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74869"
},
{
"name": "1032558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3922",
"datePublished": "2015-05-27T18:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3921 (GCVE-0-2015-3921)
Vulnerability from cvelistv5 – Published: 2015-05-27 18:00 – Updated: 2024-08-06 05:56
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "74872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74872"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "74872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74872"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "74872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74872"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3921",
"datePublished": "2015-05-27T18:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1613 (GCVE-0-2012-1613)
Vulnerability from cvelistv5 – Published: 2012-09-04 20:00 – Updated: 2024-09-16 20:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "80731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80731"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "48643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48643"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "80731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80731"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "48643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48643"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"name": "http://www.waraxe.us/advisory-81.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "80731",
"refsource": "OSVDB",
"url": "http://osvdb.org/80731"
},
{
"name": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "48643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48643"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "52818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1613",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-16T20:53:22.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1614 (GCVE-0-2012-1614)
Vulnerability from cvelistv5 – Published: 2012-09-04 20:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "80734",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80734"
},
{
"name": "80735",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80735"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "80732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80732"
},
{
"name": "80733",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80733"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "80734",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80734"
},
{
"name": "80735",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80735"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "80732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80732"
},
{
"name": "80733",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80733"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"name": "http://www.waraxe.us/advisory-81.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "80734",
"refsource": "OSVDB",
"url": "http://osvdb.org/80734"
},
{
"name": "80735",
"refsource": "OSVDB",
"url": "http://osvdb.org/80735"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "80732",
"refsource": "OSVDB",
"url": "http://osvdb.org/80732"
},
{
"name": "80733",
"refsource": "OSVDB",
"url": "http://osvdb.org/80733"
},
{
"name": "52818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1614",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:42.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3722 (GCVE-0-2011-3722)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-16 23:20
VLAI?
Summary
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3722",
"datePublished": "2011-09-23T23:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T23:20:32.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2018-14478
Vulnerability from fkie_nvd - Published: 2019-05-07 18:29 - Updated: 2024-11-21 03:49
Severity ?
Summary
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.5.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.46:*:*:*:*:*:*:*",
"matchCriteriaId": "C45B03DC-6A02-40A2-8205-A376DC386E5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter."
},
{
"lang": "es",
"value": "ecard.php en Coppermine Photo Gallery (CPG) 1.5.46 tiene XSS a trav\u00e9s del par\u00e1metro sender_name, recipient_email, greetings, o recipient_name."
}
],
"id": "CVE-2018-14478",
"lastModified": "2024-11-21T03:49:10.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-07T18:29:00.677",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-4612
Vulnerability from fkie_nvd - Published: 2018-03-16 17:29 - Updated: 2024-11-21 02:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * | |
| coppermine-gallery | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAF01D0-1072-4612-B335-446A5326FAB2",
"versionEndExcluding": "1.5.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37559B95-C1D3-488C-80B8-8A3B898B899F",
"versionEndExcluding": "1.6.01",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en el gestor de palabras clave en Coppermine Photo Gallery en versiones anteriores a la 1.5.27 y en versiones 1.6.x anteriores a la 1.6.01 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2014-4612",
"lastModified": "2024-11-21T02:10:34.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-16T17:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-6528
Vulnerability from fkie_nvd - Published: 2015-08-20 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.5.36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.36:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9F8AFC-AC75-4BB9-9D3B-985341B8C480",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en install_classic.php en Coppermine Photo Gallery (CPG) 1.5.36, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix o (9) impath."
}
],
"id": "CVE-2015-6528",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-08-20T20:59:01.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3923
Vulnerability from fkie_nvd - Published: 2015-06-10 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B88128-B2ED-4348-80E5-E1C5047E45C9",
"versionEndIncluding": "1.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php."
},
{
"lang": "es",
"value": "Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos enumerar directorios a trav\u00e9s de una ruta completa en el par\u00e1metro folder en minibrowser.php."
}
],
"id": "CVE-2015-3923",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-10T18:59:05.770",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75140"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3922
Vulnerability from fkie_nvd - Published: 2015-05-27 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8149EEE8-5F8C-45AE-AEB8-1707746E371A",
"versionEndIncluding": "1.5.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de la redirecci\u00f3n abierta en mode.php en Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro referer."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2015-3922",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-27T18:59:01.977",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74869"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3921
Vulnerability from fkie_nvd - Published: 2015-05-27 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8149EEE8-5F8C-45AE-AEB8-1707746E371A",
"versionEndIncluding": "1.5.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en contact.php en Coppermine Photo Gallery anterior a 1.5.36 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del par\u00e1metro referer."
}
],
"id": "CVE-2015-3921",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-27T18:59:00.070",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74872"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1613
Vulnerability from fkie_nvd - Published: 2012-09-04 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AA49FF-31F5-4A06-9E76-5AAE49112630",
"versionEndIncluding": "1.5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E44B7-ACBD-4CBB-801E-18EACBC0EA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7434F90-B968-4385-B2DE-34706DC251A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BAC8-742D-4880-A936-198F89F4E63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92CCBC14-1FBC-46C0-AB0B-BB39264B1C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B309A98E-6FA2-4741-9497-2A7A1E255C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3290C2FD-600E-4CB8-BB46-6750B4AA389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFE435D-3CF9-4F43-B704-829E648449B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "940D9B5B-7828-4CDC-8BA9-311AD1CF8AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3867BDE-B72A-4F7C-9A8A-20C8ECE608CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9BAE30C2-8F6E-4D43-A477-348F6AD2B28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "74336A4F-20F0-4B9C-A4E0-1E79E24349F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "7247C577-E17F-4D09-A328-49D0452FB8A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7E95837B-413E-409B-9594-9491E453404C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FB00F866-3646-4E27-A512-6C7D98ED3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAB204D-5E0D-47ED-8C39-A0088B67C26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "373B8514-3CF4-457F-AC8F-D069F479147C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F552-C3FB-42C6-A1E1-87432EB8B604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1960F0F1-D28D-4AAC-9DA2-CA743E7BE7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B666A787-EAF5-419B-8B7E-974FA27E5DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3A5253F2-634C-482A-948E-5DC482921353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1CC1D58-164F-4581-8299-B6735DFF6887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "08BBEB6F-4158-434B-AE87-04F4134A1181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853556BA-A5F5-4F65-982E-E1354D6F1F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEA6BB9-5EC6-4DFD-8E4A-C5DB77EC1CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2653C9E2-C2CD-432B-BF98-0F559D66CAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2186B3-CD3A-420E-BF20-4E4A3AD31024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "87E3A425-32AD-4C71-8A08-7A40920F58E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A93D40E5-EFFF-4EB6-9427-482F31529711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D7E8EE-B0C3-472E-8E24-83181D2ADBB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en edit_one_pic.php en Coppermine Photo Gallery antes de v1.5.20, permite a usuarios autenticados remotamente con ciertos privilegios, inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro keywords."
}
],
"id": "CVE-2012-1613",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-04T20:55:01.873",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"source": "secalert@redhat.com",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/80731"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48643"
},
{
"source": "secalert@redhat.com",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-81.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1614
Vulnerability from fkie_nvd - Published: 2012-09-04 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AA49FF-31F5-4A06-9E76-5AAE49112630",
"versionEndIncluding": "1.5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E44B7-ACBD-4CBB-801E-18EACBC0EA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7434F90-B968-4385-B2DE-34706DC251A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BAC8-742D-4880-A936-198F89F4E63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92CCBC14-1FBC-46C0-AB0B-BB39264B1C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B309A98E-6FA2-4741-9497-2A7A1E255C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3290C2FD-600E-4CB8-BB46-6750B4AA389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C237F5-4E77-43E3-A10C-0921859F991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "60C520A7-686D-40AB-A41B-EDDF3EC86819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFE435D-3CF9-4F43-B704-829E648449B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "940D9B5B-7828-4CDC-8BA9-311AD1CF8AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3867BDE-B72A-4F7C-9A8A-20C8ECE608CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9BAE30C2-8F6E-4D43-A477-348F6AD2B28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "74336A4F-20F0-4B9C-A4E0-1E79E24349F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "7247C577-E17F-4D09-A328-49D0452FB8A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7E95837B-413E-409B-9594-9491E453404C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FB00F866-3646-4E27-A512-6C7D98ED3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAB204D-5E0D-47ED-8C39-A0088B67C26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "373B8514-3CF4-457F-AC8F-D069F479147C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F552-C3FB-42C6-A1E1-87432EB8B604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1960F0F1-D28D-4AAC-9DA2-CA743E7BE7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B666A787-EAF5-419B-8B7E-974FA27E5DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3A5253F2-634C-482A-948E-5DC482921353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1CC1D58-164F-4581-8299-B6735DFF6887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "08BBEB6F-4158-434B-AE87-04F4134A1181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853556BA-A5F5-4F65-982E-E1354D6F1F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEA6BB9-5EC6-4DFD-8E4A-C5DB77EC1CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2653C9E2-C2CD-432B-BF98-0F559D66CAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2186B3-CD3A-420E-BF20-4E4A3AD31024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "87E3A425-32AD-4C71-8A08-7A40920F58E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A93D40E5-EFFF-4EB6-9427-482F31529711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D7E8EE-B0C3-472E-8E24-83181D2ADBB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message."
},
{
"lang": "es",
"value": "Coppermine Photo Gallery anterior a v1.5.20 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de (1) una solicitud directa plugins/visiblehookpoints/index.php, una p\u00e1gina no v\u00e1lida (2) o (3) los par\u00e1metros gato thumbnails.php, un inv\u00e1lido (4) la p\u00e1gina de par\u00e1metros para usermgr.php, o un inv\u00e1lido (5) newer_than o (6) par\u00e1metro older_than a search.inc.php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error."
}
],
"id": "CVE-2012-1614",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-04T20:55:01.937",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"source": "secalert@redhat.com",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80732"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80733"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80734"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80735"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-81.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3722
Vulnerability from fkie_nvd - Published: 2011-09-23 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.5.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "87E3A425-32AD-4C71-8A08-7A40920F58E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files."
},
{
"lang": "es",
"value": "Coppermine Photo Gallery (CPG) v1.5.12 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con include/inspekt.php y algunos otros archivos."
}
],
"id": "CVE-2011-3722",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-23T23:55:02.863",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-2476
Vulnerability from fkie_nvd - Published: 2011-06-14 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0F73EA-FDA5-4E0A-8805-2FFCEBE09B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF486D29-245C-4F06-8D8E-E372FFCBEEE3",
"versionEndIncluding": "1.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E44B7-ACBD-4CBB-801E-18EACBC0EA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7434F90-B968-4385-B2DE-34706DC251A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BAC8-742D-4880-A936-198F89F4E63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92CCBC14-1FBC-46C0-AB0B-BB39264B1C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B309A98E-6FA2-4741-9497-2A7A1E255C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3290C2FD-600E-4CB8-BB46-6750B4AA389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C237F5-4E77-43E3-A10C-0921859F991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "60C520A7-686D-40AB-A41B-EDDF3EC86819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFE435D-3CF9-4F43-B704-829E648449B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "940D9B5B-7828-4CDC-8BA9-311AD1CF8AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3867BDE-B72A-4F7C-9A8A-20C8ECE608CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9BAE30C2-8F6E-4D43-A477-348F6AD2B28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "74336A4F-20F0-4B9C-A4E0-1E79E24349F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "7247C577-E17F-4D09-A328-49D0452FB8A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7E95837B-413E-409B-9594-9491E453404C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FB00F866-3646-4E27-A512-6C7D98ED3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAB204D-5E0D-47ED-8C39-A0088B67C26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "373B8514-3CF4-457F-AC8F-D069F479147C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F552-C3FB-42C6-A1E1-87432EB8B604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1960F0F1-D28D-4AAC-9DA2-CA743E7BE7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B666A787-EAF5-419B-8B7E-974FA27E5DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3A5253F2-634C-482A-948E-5DC482921353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1CC1D58-164F-4581-8299-B6735DFF6887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "08BBEB6F-4158-434B-AE87-04F4134A1181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853556BA-A5F5-4F65-982E-E1354D6F1F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEA6BB9-5EC6-4DFD-8E4A-C5DB77EC1CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2653C9E2-C2CD-432B-BF98-0F559D66CAEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.5.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente de CVE-2010-4667"
}
],
"id": "CVE-2011-2476",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-14T17:55:06.487",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/news/?group_id=89658"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/news/?group_id=89658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68058"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}