Vulnerabilites related to coppermine-gallery - coppermine_photo_gallery
cve-2018-14478
Vulnerability from cvelistv5
Published
2019-05-07 17:41
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://forum.coppermine-gallery.net/index.php/board%2C58.0.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T17:41:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/board,58.0.html",
"refsource": "MISC",
"url": "http://forum.coppermine-gallery.net/index.php/board,58.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14478",
"datePublished": "2019-05-07T17:41:50",
"dateReserved": "2018-07-20T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6528
Vulnerability from cvelistv5
Published
2015-08-20 20:00
Modified
2024-09-17 01:07
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-20T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6528",
"datePublished": "2015-08-20T20:00:00Z",
"dateReserved": "2015-08-20T00:00:00Z",
"dateUpdated": "2024-09-17T01:07:09.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3486
Vulnerability from cvelistv5
Published
2008-08-06 17:05
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/31295 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4108 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/30480 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44133 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/6178 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31295",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31295"
},
{
"name": "4108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4108"
},
{
"name": "30480",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30480"
},
{
"name": "coppermine-lang-file-include(44133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44133"
},
{
"name": "6178",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31295",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31295"
},
{
"name": "4108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4108"
},
{
"name": "30480",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30480"
},
{
"name": "coppermine-lang-file-include(44133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44133"
},
{
"name": "6178",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6178"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31295"
},
{
"name": "4108",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4108"
},
{
"name": "30480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30480"
},
{
"name": "coppermine-lang-file-include(44133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44133"
},
{
"name": "6178",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6178"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3486",
"datePublished": "2008-08-06T17:05:00",
"dateReserved": "2008-08-06T00:00:00",
"dateUpdated": "2024-08-07T09:37:27.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3979
Vulnerability from cvelistv5
Published
2005-12-03 19:00
Modified
2024-08-07 23:31
Severity ?
EPSS score ?
Summary
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/17855 | third-party-advisory, x_refsource_SECUNIA | |
| http://coppermine-gallery.net/forum/index.php?topic=24217.0 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2005/2698 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=24217.0"
},
{
"name": "ADV-2005-2698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-05T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=24217.0"
},
{
"name": "ADV-2005-2698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17855"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=24217.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=24217.0"
},
{
"name": "ADV-2005-2698",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3979",
"datePublished": "2005-12-03T19:00:00",
"dateReserved": "2005-12-03T00:00:00",
"dateUpdated": "2024-08-07T23:31:48.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3722
Vulnerability from cvelistv5
Published
2011-09-23 23:00
Modified
2024-09-16 23:20
Severity ?
EPSS score ?
Summary
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST | |
| http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3722",
"datePublished": "2011-09-23T23:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T23:20:32.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0504
Vulnerability from cvelistv5
Published
2008-01-31 19:30
Modified
2024-08-07 07:46
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/27509 | vdb-entry, x_refsource_BID | |
| http://www.waraxe.us/advisory-66.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/487351/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1019285 | vdb-entry, x_refsource_SECTRACK | |
| http://coppermine-gallery.net/forum/index.php?topic=50103.0 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/0367 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/28682 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27509"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27509"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27509"
},
{
"name": "http://www.waraxe.us/advisory-66.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"name": "ADV-2008-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"name": "28682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0504",
"datePublished": "2008-01-31T19:30:00",
"dateReserved": "2008-01-31T00:00:00",
"dateUpdated": "2024-08-07T07:46:55.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3921
Vulnerability from cvelistv5
Published
2015-05-27 18:00
Modified
2024-08-06 05:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1032558 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/74872 | vdb-entry, x_refsource_BID | |
| http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "74872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74872"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "74872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74872"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "74872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74872"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3921",
"datePublished": "2015-05-27T18:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3922
Vulnerability from cvelistv5
Published
2015-05-27 18:00
Modified
2024-08-06 05:56
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/74869 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1032558 | vdb-entry, x_refsource_SECTRACK | |
| http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "74869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74869"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "74869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74869"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "74869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74869"
},
{
"name": "1032558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3922",
"datePublished": "2015-05-27T18:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2476
Vulnerability from cvelistv5
Published
2011-06-14 17:00
Modified
2024-08-06 23:00
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/08/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/06/08/6 | mailing-list, x_refsource_MLIST | |
| http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html | x_refsource_CONFIRM | |
| http://sourceforge.net/news/?group_id=89658 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68058 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"name": "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/news/?group_id=89658"
},
{
"name": "cpg-unspecified-xss(68058)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"name": "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/news/?group_id=89658"
},
{
"name": "cpg-unspecified-xss(68058)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"name": "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,69495.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,69495.0.html"
},
{
"name": "http://sourceforge.net/news/?group_id=89658",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/news/?group_id=89658"
},
{
"name": "cpg-unspecified-xss(68058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2476",
"datePublished": "2011-06-14T17:00:00",
"dateReserved": "2011-06-14T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3923
Vulnerability from cvelistv5
Published
2015-06-10 18:00
Modified
2024-08-06 05:56
Severity ?
EPSS score ?
Summary
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/75140 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1032558 | vdb-entry, x_refsource_SECTRACK | |
| http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75140"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "75140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75140"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75140"
},
{
"name": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"name": "1032558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,78194.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3923",
"datePublished": "2015-06-10T18:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1614
Vulnerability from cvelistv5
Published
2012-09-04 20:00
Modified
2024-09-17 00:20
Severity ?
EPSS score ?
Summary
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "80734",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80734"
},
{
"name": "80735",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80735"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "80732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80732"
},
{
"name": "80733",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80733"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "80734",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80734"
},
{
"name": "80735",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80735"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "80732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80732"
},
{
"name": "80733",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80733"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"name": "http://www.waraxe.us/advisory-81.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "80734",
"refsource": "OSVDB",
"url": "http://osvdb.org/80734"
},
{
"name": "80735",
"refsource": "OSVDB",
"url": "http://osvdb.org/80735"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "80732",
"refsource": "OSVDB",
"url": "http://osvdb.org/80732"
},
{
"name": "80733",
"refsource": "OSVDB",
"url": "http://osvdb.org/80733"
},
{
"name": "52818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1614",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:42.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4693
Vulnerability from cvelistv5
Published
2011-01-11 01:00
Modified
2024-08-07 03:55
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/45600 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/42751 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/70173 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/515479/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/70174 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64344 | vdb-entry, x_refsource_XF | |
| http://www.waraxe.us/advisory-79.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:34.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45600"
},
{
"name": "42751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42751"
},
{
"name": "70173",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70173"
},
{
"name": "20101228 [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515479/100/0/threaded"
},
{
"name": "70174",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70174"
},
{
"name": "coppermine-help-searchnew-xss(64344)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64344"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-79.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45600"
},
{
"name": "42751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42751"
},
{
"name": "70173",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70173"
},
{
"name": "20101228 [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515479/100/0/threaded"
},
{
"name": "70174",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70174"
},
{
"name": "coppermine-help-searchnew-xss(64344)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64344"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-79.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45600"
},
{
"name": "42751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42751"
},
{
"name": "70173",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70173"
},
{
"name": "20101228 [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515479/100/0/threaded"
},
{
"name": "70174",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70174"
},
{
"name": "coppermine-help-searchnew-xss(64344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64344"
},
{
"name": "http://www.waraxe.us/advisory-79.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-79.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4693",
"datePublished": "2011-01-11T01:00:00",
"dateReserved": "2011-01-10T00:00:00",
"dateUpdated": "2024-08-07T03:55:34.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4612
Vulnerability from cvelistv5
Published
2018-03-16 17:00
Modified
2024-08-06 11:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68140 | vdb-entry, x_refsource_BID | |
| http://seclists.org/oss-sec/2014/q2/608 | mailing-list, x_refsource_MLIST | |
| http://seclists.org/oss-sec/2014/q2/620 | mailing-list, x_refsource_MLIST | |
| https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt | x_refsource_CONFIRM | |
| http://sourceforge.net/p/coppermine/code/8674 | x_refsource_CONFIRM | |
| http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html | x_refsource_CONFIRM | |
| https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-16T16:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68140"
},
{
"name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"name": "http://sourceforge.net/p/coppermine/code/8674",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html"
},
{
"name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4612",
"datePublished": "2018-03-16T17:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4667
Vulnerability from cvelistv5
Published
2011-06-14 17:00
Modified
2024-09-16 18:43
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/08/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/06/08/6 | mailing-list, x_refsource_MLIST | |
| http://bugs.gentoo.org/show_bug.cgi?id=347287 | x_refsource_CONFIRM | |
| http://forum.coppermine-gallery.net/index.php/topic%2C65023.msg322935.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"name": "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=347287"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C65023.msg322935.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-14T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"name": "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=347287"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C65023.msg322935.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"name": "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=347287",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=347287"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,65023.msg322935.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,65023.msg322935.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4667",
"datePublished": "2011-06-14T17:00:00Z",
"dateReserved": "2011-01-03T00:00:00Z",
"dateUpdated": "2024-09-16T18:43:22.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3481
Vulnerability from cvelistv5
Published
2008-08-05 19:20
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/4108 | third-party-advisory, x_refsource_SREASON | |
| https://www.exploit-db.com/exploits/6178 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4108"
},
{
"name": "6178",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4108",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4108"
},
{
"name": "6178",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6178"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4108",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4108"
},
{
"name": "6178",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6178"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3481",
"datePublished": "2008-08-05T19:20:00",
"dateReserved": "2008-08-05T00:00:00",
"dateUpdated": "2024-08-07T09:37:27.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1613
Vulnerability from cvelistv5
Published
2012-09-04 20:00
Modified
2024-09-16 20:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "80731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80731"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "48643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48643"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "80731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80731"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "48643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48643"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "52818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"name": "http://www.waraxe.us/advisory-81.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"name": "80731",
"refsource": "OSVDB",
"url": "http://osvdb.org/80731"
},
{
"name": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "18680",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"name": "48643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48643"
},
{
"name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354",
"refsource": "CONFIRM",
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"name": "52818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"name": "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html"
},
{
"name": "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"name": "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1613",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-16T20:53:22.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7187
Vulnerability from cvelistv5
Published
2009-09-09 17:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.waraxe.us/advisory-66.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/487351/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1019285 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2008/0367 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-66.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "ADV-2008-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7187",
"datePublished": "2009-09-09T17:00:00",
"dateReserved": "2009-09-09T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7186
Vulnerability from cvelistv5
Published
2009-09-09 17:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.waraxe.us/advisory-66.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/487351/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1019285 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2008/0367 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "ADV-2008-0367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-66.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"name": "1019285",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"name": "ADV-2008-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7186",
"datePublished": "2009-09-09T17:00:00",
"dateReserved": "2009-09-09T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-06-14 17:55
Modified
2024-11-21 01:21
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B139CFE-6B63-4FCC-B3E3-97AEA0431EDE",
"versionEndIncluding": "1.4.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E44B7-ACBD-4CBB-801E-18EACBC0EA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7434F90-B968-4385-B2DE-34706DC251A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BAC8-742D-4880-A936-198F89F4E63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92CCBC14-1FBC-46C0-AB0B-BB39264B1C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B309A98E-6FA2-4741-9497-2A7A1E255C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3290C2FD-600E-4CB8-BB46-6750B4AA389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C237F5-4E77-43E3-A10C-0921859F991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "60C520A7-686D-40AB-A41B-EDDF3EC86819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFE435D-3CF9-4F43-B704-829E648449B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "940D9B5B-7828-4CDC-8BA9-311AD1CF8AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3867BDE-B72A-4F7C-9A8A-20C8ECE608CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9BAE30C2-8F6E-4D43-A477-348F6AD2B28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "74336A4F-20F0-4B9C-A4E0-1E79E24349F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "7247C577-E17F-4D09-A328-49D0452FB8A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7E95837B-413E-409B-9594-9491E453404C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FB00F866-3646-4E27-A512-6C7D98ED3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAB204D-5E0D-47ED-8C39-A0088B67C26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "373B8514-3CF4-457F-AC8F-D069F479147C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F552-C3FB-42C6-A1E1-87432EB8B604",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.4.27 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-4667",
"lastModified": "2024-11-21T01:21:28.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-14T17:55:02.593",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=347287"
},
{
"source": "secalert@redhat.com",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C65023.msg322935.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=347287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C65023.msg322935.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-27 18:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8149EEE8-5F8C-45AE-AEB8-1707746E371A",
"versionEndIncluding": "1.5.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en contact.php en Coppermine Photo Gallery anterior a 1.5.36 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del par\u00e1metro referer."
}
],
"id": "CVE-2015-3921",
"lastModified": "2024-11-21T02:30:05.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-27T18:59:00.070",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74872"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-04 20:55
Modified
2024-11-21 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AA49FF-31F5-4A06-9E76-5AAE49112630",
"versionEndIncluding": "1.5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E44B7-ACBD-4CBB-801E-18EACBC0EA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7434F90-B968-4385-B2DE-34706DC251A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BAC8-742D-4880-A936-198F89F4E63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92CCBC14-1FBC-46C0-AB0B-BB39264B1C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B309A98E-6FA2-4741-9497-2A7A1E255C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3290C2FD-600E-4CB8-BB46-6750B4AA389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFE435D-3CF9-4F43-B704-829E648449B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "940D9B5B-7828-4CDC-8BA9-311AD1CF8AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3867BDE-B72A-4F7C-9A8A-20C8ECE608CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9BAE30C2-8F6E-4D43-A477-348F6AD2B28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "74336A4F-20F0-4B9C-A4E0-1E79E24349F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "7247C577-E17F-4D09-A328-49D0452FB8A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7E95837B-413E-409B-9594-9491E453404C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FB00F866-3646-4E27-A512-6C7D98ED3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAB204D-5E0D-47ED-8C39-A0088B67C26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "373B8514-3CF4-457F-AC8F-D069F479147C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F552-C3FB-42C6-A1E1-87432EB8B604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1960F0F1-D28D-4AAC-9DA2-CA743E7BE7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B666A787-EAF5-419B-8B7E-974FA27E5DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3A5253F2-634C-482A-948E-5DC482921353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1CC1D58-164F-4581-8299-B6735DFF6887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "08BBEB6F-4158-434B-AE87-04F4134A1181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853556BA-A5F5-4F65-982E-E1354D6F1F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEA6BB9-5EC6-4DFD-8E4A-C5DB77EC1CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2653C9E2-C2CD-432B-BF98-0F559D66CAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2186B3-CD3A-420E-BF20-4E4A3AD31024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "87E3A425-32AD-4C71-8A08-7A40920F58E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A93D40E5-EFFF-4EB6-9427-482F31529711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D7E8EE-B0C3-472E-8E24-83181D2ADBB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en edit_one_pic.php en Coppermine Photo Gallery antes de v1.5.20, permite a usuarios autenticados remotamente con ciertos privilegios, inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro keywords."
}
],
"id": "CVE-2012-1613",
"lastModified": "2024-11-21T01:37:19.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-04T20:55:01.873",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"source": "secalert@redhat.com",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/80731"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48643"
},
{
"source": "secalert@redhat.com",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-81.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-10 18:59
Modified
2024-11-21 02:30
Severity ?
Summary
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B88128-B2ED-4348-80E5-E1C5047E45C9",
"versionEndIncluding": "1.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php."
},
{
"lang": "es",
"value": "Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos enumerar directorios a trav\u00e9s de una ruta completa en el par\u00e1metro folder en minibrowser.php."
}
],
"id": "CVE-2015-3923",
"lastModified": "2024-11-21T02:30:05.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-10T18:59:05.770",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75140"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-27 18:59
Modified
2024-11-21 02:30
Severity ?
Summary
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8149EEE8-5F8C-45AE-AEB8-1707746E371A",
"versionEndIncluding": "1.5.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de la redirecci\u00f3n abierta en mode.php en Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro referer."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2015-3922",
"lastModified": "2024-11-21T02:30:05.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-27T18:59:01.977",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74869"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-07 18:29
Modified
2024-11-21 03:49
Severity ?
Summary
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.5.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.46:*:*:*:*:*:*:*",
"matchCriteriaId": "C45B03DC-6A02-40A2-8205-A376DC386E5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter."
},
{
"lang": "es",
"value": "ecard.php en Coppermine Photo Gallery (CPG) 1.5.46 tiene XSS a trav\u00e9s del par\u00e1metro sender_name, recipient_email, greetings, o recipient_name."
}
],
"id": "CVE-2018-14478",
"lastModified": "2024-11-21T03:49:10.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-07T18:29:00.677",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/board%2C58.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-03 19:03
Modified
2024-11-21 00:03
Severity ?
Summary
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://coppermine-gallery.net/forum/index.php?topic=24217.0 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/17855 | Permissions Required, Third Party Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/2698 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://coppermine-gallery.net/forum/index.php?topic=24217.0 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17855 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2698 | Permissions Required, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.4 | |
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "60C520A7-686D-40AB-A41B-EDDF3EC86819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request."
},
{
"lang": "es",
"value": "relocate_server.php en Coppermine Photo Gallery (CPG) 1.4.2 y 1.4 beta no se elimina despu\u00e9s de la instalaci\u00f3n y no usa autenticaci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible, como la configuraci\u00f3n de la base de datos, a trav\u00e9s de una petici\u00f3n directa."
}
],
"id": "CVE-2005-3979",
"lastModified": "2024-11-21T00:03:12.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-03T19:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=24217.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/17855"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=24217.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/17855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2698"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-05 19:41
Modified
2024-11-21 00:49
Severity ?
Summary
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18597B1E-61F4-4BBA-90B5-5B5F5BF78B85",
"versionEndIncluding": "1.4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "60C520A7-686D-40AB-A41B-EDDF3EC86819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
},
{
"lang": "es",
"value": "themes/sample/theme.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores que permite a los atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de peticiones directas, que revelan la ruta de instalaci\u00f3n en un mensaje de error."
}
],
"evaluatorImpact": "as per vendor link: http://coppermine-gallery.net/\r\n\"The development team is releasing a security update for Coppermine in order to counter a recently discovered injection vulnerability. It is important that all users who run version cpg1.4.18 or older update to this latest version as soon as possible.\" CVSS score based on this information.",
"id": "CVE-2008-3481",
"lastModified": "2024-11-21T00:49:20.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-05T19:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4108"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6178"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-31 20:00
Modified
2024-11-21 00:42
Severity ?
Summary
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3823A84F-9E42-4E55-849E-C1A0F220D3EA",
"versionEndIncluding": "1.4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E44B7-ACBD-4CBB-801E-18EACBC0EA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7434F90-B968-4385-B2DE-34706DC251A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BAC8-742D-4880-A936-198F89F4E63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92CCBC14-1FBC-46C0-AB0B-BB39264B1C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B309A98E-6FA2-4741-9497-2A7A1E255C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3290C2FD-600E-4CB8-BB46-6750B4AA389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C237F5-4E77-43E3-A10C-0921859F991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFE435D-3CF9-4F43-B704-829E648449B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "940D9B5B-7828-4CDC-8BA9-311AD1CF8AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3867BDE-B72A-4F7C-9A8A-20C8ECE608CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Coppermine Photo Gallery (CPG) en versiones anteriores a la 1.4.15 permiten que administradores remotos autenticados ejecuten comandos SQL arbitrarios mediante los par\u00e1metros (1) albumid, (2) startpic y (3) numpics en util.php; y el par\u00e1metro (4) cid_array en reviewcom.php."
}
],
"id": "CVE-2008-0504",
"lastModified": "2024-11-21T00:42:15.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-31T20:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27509"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "cve@mitre.org",
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.waraxe.us/advisory-66.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-14 17:55
Modified
2024-11-21 01:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0F73EA-FDA5-4E0A-8805-2FFCEBE09B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF486D29-245C-4F06-8D8E-E372FFCBEEE3",
"versionEndIncluding": "1.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E44B7-ACBD-4CBB-801E-18EACBC0EA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7434F90-B968-4385-B2DE-34706DC251A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BAC8-742D-4880-A936-198F89F4E63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92CCBC14-1FBC-46C0-AB0B-BB39264B1C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B309A98E-6FA2-4741-9497-2A7A1E255C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3290C2FD-600E-4CB8-BB46-6750B4AA389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C237F5-4E77-43E3-A10C-0921859F991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "60C520A7-686D-40AB-A41B-EDDF3EC86819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFE435D-3CF9-4F43-B704-829E648449B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "940D9B5B-7828-4CDC-8BA9-311AD1CF8AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3867BDE-B72A-4F7C-9A8A-20C8ECE608CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9BAE30C2-8F6E-4D43-A477-348F6AD2B28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "74336A4F-20F0-4B9C-A4E0-1E79E24349F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "7247C577-E17F-4D09-A328-49D0452FB8A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7E95837B-413E-409B-9594-9491E453404C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FB00F866-3646-4E27-A512-6C7D98ED3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAB204D-5E0D-47ED-8C39-A0088B67C26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "373B8514-3CF4-457F-AC8F-D069F479147C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F552-C3FB-42C6-A1E1-87432EB8B604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1960F0F1-D28D-4AAC-9DA2-CA743E7BE7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B666A787-EAF5-419B-8B7E-974FA27E5DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3A5253F2-634C-482A-948E-5DC482921353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1CC1D58-164F-4581-8299-B6735DFF6887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "08BBEB6F-4158-434B-AE87-04F4134A1181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853556BA-A5F5-4F65-982E-E1354D6F1F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEA6BB9-5EC6-4DFD-8E4A-C5DB77EC1CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2653C9E2-C2CD-432B-BF98-0F559D66CAEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.5.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente de CVE-2010-4667"
}
],
"id": "CVE-2011-2476",
"lastModified": "2024-11-21T01:28:21.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-14T17:55:06.487",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/news/?group_id=89658"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/news/?group_id=89658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68058"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-11 03:00
Modified
2024-11-21 01:21
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF486D29-245C-4F06-8D8E-E372FFCBEEE3",
"versionEndIncluding": "1.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E44B7-ACBD-4CBB-801E-18EACBC0EA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7434F90-B968-4385-B2DE-34706DC251A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BAC8-742D-4880-A936-198F89F4E63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92CCBC14-1FBC-46C0-AB0B-BB39264B1C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B309A98E-6FA2-4741-9497-2A7A1E255C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3290C2FD-600E-4CB8-BB46-6750B4AA389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C237F5-4E77-43E3-A10C-0921859F991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "60C520A7-686D-40AB-A41B-EDDF3EC86819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFE435D-3CF9-4F43-B704-829E648449B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "940D9B5B-7828-4CDC-8BA9-311AD1CF8AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3867BDE-B72A-4F7C-9A8A-20C8ECE608CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9BAE30C2-8F6E-4D43-A477-348F6AD2B28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "74336A4F-20F0-4B9C-A4E0-1E79E24349F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "7247C577-E17F-4D09-A328-49D0452FB8A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7E95837B-413E-409B-9594-9491E453404C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FB00F866-3646-4E27-A512-6C7D98ED3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAB204D-5E0D-47ED-8C39-A0088B67C26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "373B8514-3CF4-457F-AC8F-D069F479147C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F552-C3FB-42C6-A1E1-87432EB8B604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1960F0F1-D28D-4AAC-9DA2-CA743E7BE7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B666A787-EAF5-419B-8B7E-974FA27E5DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3A5253F2-634C-482A-948E-5DC482921353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1CC1D58-164F-4581-8299-B6735DFF6887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "08BBEB6F-4158-434B-AE87-04F4134A1181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853556BA-A5F5-4F65-982E-E1354D6F1F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEA6BB9-5EC6-4DFD-8E4A-C5DB77EC1CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2653C9E2-C2CD-432B-BF98-0F559D66CAEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery 1.5.10 y versiones anteriores. Permiten a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) h y (2) t de help.php, o el par\u00e1metro (3) picfile_XXX de searchnew.php."
}
],
"id": "CVE-2010-4693",
"lastModified": "2024-11-21T01:21:32.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-11T03:00:04.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42751"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/70173"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/70174"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/515479/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/45600"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-79.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/70173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/515479/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/45600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-79.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64344"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-23 23:55
Modified
2024-11-21 01:31
Severity ?
Summary
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.5.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "87E3A425-32AD-4C71-8A08-7A40920F58E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files."
},
{
"lang": "es",
"value": "Coppermine Photo Gallery (CPG) v1.5.12 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con include/inspekt.php y algunos otros archivos."
}
],
"id": "CVE-2011-3722",
"lastModified": "2024-11-21T01:31:04.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-23T23:55:02.863",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CopperminePhotoGallery-1.5.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-09 17:30
Modified
2024-11-21 00:58
Severity ?
Summary
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504."
},
{
"lang": "es",
"value": "Coppermine Photo Gallery (CPG) v1.4.14 no restringe el acceso a update.php, lo que permite a atacantes remotos obtener informaci\u00f3n sensible como el prefijo de la tabla de la base de datos a trav\u00e9s de una petici\u00f3n directa. NOTA: esto podr\u00eda ser aprovechado para ataques contra CVE-2008-0504."
}
],
"id": "CVE-2008-7186",
"lastModified": "2024-11-21T00:58:29.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-09T17:30:01.093",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-66.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-09 17:30
Modified
2024-11-21 00:58
Severity ?
Summary
Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message."
},
{
"lang": "es",
"value": "Coppermine Photo Gallery (CPG) v1.4.14, permite a atacantes remoto obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a include/slideshow.inc.php, filtrando el directorio de instalaci\u00f3n en un mensaje de error."
}
],
"id": "CVE-2008-7187",
"lastModified": "2024-11-21T00:58:29.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-09T17:30:01.157",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-66.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-66.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-04 20:55
Modified
2024-11-21 01:37
Severity ?
Summary
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AA49FF-31F5-4A06-9E76-5AAE49112630",
"versionEndIncluding": "1.5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1E44B7-ACBD-4CBB-801E-18EACBC0EA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7434F90-B968-4385-B2DE-34706DC251A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BAC8-742D-4880-A936-198F89F4E63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92CCBC14-1FBC-46C0-AB0B-BB39264B1C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B309A98E-6FA2-4741-9497-2A7A1E255C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3290C2FD-600E-4CB8-BB46-6750B4AA389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C237F5-4E77-43E3-A10C-0921859F991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "60C520A7-686D-40AB-A41B-EDDF3EC86819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFE435D-3CF9-4F43-B704-829E648449B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "940D9B5B-7828-4CDC-8BA9-311AD1CF8AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3867BDE-B72A-4F7C-9A8A-20C8ECE608CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9BAE30C2-8F6E-4D43-A477-348F6AD2B28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "74336A4F-20F0-4B9C-A4E0-1E79E24349F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "7247C577-E17F-4D09-A328-49D0452FB8A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7E95837B-413E-409B-9594-9491E453404C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FB00F866-3646-4E27-A512-6C7D98ED3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAB204D-5E0D-47ED-8C39-A0088B67C26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "373B8514-3CF4-457F-AC8F-D069F479147C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F552-C3FB-42C6-A1E1-87432EB8B604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1960F0F1-D28D-4AAC-9DA2-CA743E7BE7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B666A787-EAF5-419B-8B7E-974FA27E5DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3A5253F2-634C-482A-948E-5DC482921353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1CC1D58-164F-4581-8299-B6735DFF6887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "08BBEB6F-4158-434B-AE87-04F4134A1181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853556BA-A5F5-4F65-982E-E1354D6F1F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEA6BB9-5EC6-4DFD-8E4A-C5DB77EC1CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2653C9E2-C2CD-432B-BF98-0F559D66CAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2186B3-CD3A-420E-BF20-4E4A3AD31024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "87E3A425-32AD-4C71-8A08-7A40920F58E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A93D40E5-EFFF-4EB6-9427-482F31529711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D7E8EE-B0C3-472E-8E24-83181D2ADBB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message."
},
{
"lang": "es",
"value": "Coppermine Photo Gallery anterior a v1.5.20 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de (1) una solicitud directa plugins/visiblehookpoints/index.php, una p\u00e1gina no v\u00e1lida (2) o (3) los par\u00e1metros gato thumbnails.php, un inv\u00e1lido (4) la p\u00e1gina de par\u00e1metros para usermgr.php, o un inv\u00e1lido (5) newer_than o (6) par\u00e1metro older_than a search.inc.php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error."
}
],
"id": "CVE-2012-1614",
"lastModified": "2024-11-21T01:37:19.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-04T20:55:01.937",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"source": "secalert@redhat.com",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80732"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80733"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80734"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80735"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-81.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348\u0026r2=8354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/80735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.waraxe.us/advisory-81.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-16 17:29
Modified
2024-11-21 02:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * | |
| coppermine-gallery | coppermine_photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAF01D0-1072-4612-B335-446A5326FAB2",
"versionEndExcluding": "1.5.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37559B95-C1D3-488C-80B8-8A3B898B899F",
"versionEndExcluding": "1.6.01",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en el gestor de palabras clave en Coppermine Photo Gallery en versiones anteriores a la 1.5.27 y en versiones 1.6.x anteriores a la 1.6.01 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2014-4612",
"lastModified": "2024-11-21T02:10:34.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-16T17:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q2/608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q2/620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/p/coppermine/code/8674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 20:59
Modified
2024-11-21 02:35
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.5.36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.36:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9F8AFC-AC75-4BB9-9D3B-985341B8C480",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en install_classic.php en Coppermine Photo Gallery (CPG) 1.5.36, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix o (9) impath."
}
],
"id": "CVE-2015-6528",
"lastModified": "2024-11-21T02:35:10.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-08-20T20:59:01.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-06 17:41
Modified
2024-11-21 00:49
Severity ?
Summary
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18597B1E-61F4-4BBA-90B5-5B5F5BF78B85",
"versionEndIncluding": "1.4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E358276F-157E-4D98-9055-061E6F2F2948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A1831F9-4B4A-4226-B219-B3AFF06FFDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C457C25-AF6B-4F67-BD3B-83361A48CDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "808B8E20-BE09-4FC2-BC73-2F10261E82B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2003E2A5-A902-45A1-9189-15B956976ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A53D1BF-C884-40F9-9D46-9CCD9ADC183E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34A35889-023F-4305-A5A8-F7A8D3409172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F81AC-6AE1-40E5-B2CB-34E1B5985C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*",
"matchCriteriaId": "8A465AB3-1426-4966-87DF-A1FA3FCCE5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*",
"matchCriteriaId": "E9D7FF03-F2A7-4014-BF17-8393F5220AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98C672-0D2E-4A78-A206-CC44A5A6E14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "60C520A7-686D-40AB-A41B-EDDF3EC86819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "4AFF3F0F-88BF-4EB4-8DCA-4D46D181FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "196B664C-C400-4770-893B-E327D40CD525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF818D-86E5-4886-9447-FE70CBEAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B94FCD31-EECA-4323-A63A-554A2AFB3DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C70B0A-C8C8-449E-A8C4-A595B7404DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4388EF8-6825-4E8A-B9F2-7D2F69A95865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27D59D3A-F55C-4403-BD43-35162EC0E4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13B39376-C331-45B5-95AD-C3DD56BBF687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3DFE45-B65A-46FB-8584-A338143E4F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "15516E4B-8B16-4B81-8881-2E358144BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEE8E75-36D2-4F99-967E-52FDFA150E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8946662-2C1C-4113-977F-5D7FC3161565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F59212-9725-4926-9905-28C8C64A3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB7773-BBCA-4825-8489-7EE43D6BD312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71058CB9-81CA-4F5B-8204-F21C906A71EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "197EF2C1-ADCF-4596-B5A0-689C10720906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EB199205-489B-4BB7-81A4-94D45E19349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD299AB-0B18-472B-B99E-C0D585AA21CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la funci\u00f3n user_get_profile de include/functions.inc.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores, cuando el conjunto de caracteres es utf-8, permite a atacantes remotos incluir y ejecutar ficheros locales de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en la parte lang de series de datos en una cookie an_data."
}
],
"evaluatorImpact": "http://secunia.com/advisories/31295:\r\n\"Successful exploitation requires that \"Character encoding\" is set to \"Unicode (recommended) (utf-8)\", which is the default value.\"",
"id": "CVE-2008-3486",
"lastModified": "2024-11-21T00:49:21.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-06T17:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31295"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4108"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30480"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44133"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6178"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}