| OSVDB ID | Description | Disclosure Date | Title |
| --- | --- | --- | --- |
| 35068 | Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to include/plugin_api.inc.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. | 2007-03-09 | Coppermine Photo Gallery include/plugin_api.inc.php path Parameter Remote File Inclusion |
| 57916 | (Description Provided by CVE): Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message. | 2008-01-31 | Coppermine Photo Gallery include/slideshow.inc.php Direct Request Path Disclosure |
| 24744 | (Description Provided by CVE): Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. | 2006-04-14 | Coppermine Photo Gallery index.php file Parameter Traversal Local File Inclusion |
| 54582 | Coppermine Photo Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the thumbnails.php script not properly sanitizing user-supplied input to the GLOBALS[USER][lang] and GLOBALS[cat] parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2009-05-18 | Coppermine Photo Gallery index.php GLOBALS[USER][lang] Parameter Traversal Local File Inclusion |
| 35069 | Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. | 2007-03-09 | Coppermine Photo Gallery index.php path Parameter Remote File Inclusion |
| 50907 | Coppermine Photo Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'init.inc.php' script not properly sanitizing user-supplied input to the 'favs' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2005-04-20 | Coppermine Photo Gallery init.inc.php favs Parameter SQL Injection |
| 15672 | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter. | 2005-04-18 | Coppermine Photo Gallery init.inc.php HTTP_X_FORWARDED_FOR XSS |
| 23346 | Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the init.inc.php script not properly sanitizing user input supplied to the 'lang' variable. This may allow an attacker to include a file from a local system via the thumbnails.php script that contains arbitrary commands which will be executed by the vulnerable script. | 2006-02-17 | Coppermine Photo Gallery init.inc.php lang Parameter Local File Inclusion |
| 27618 | CPG (Coppermine Photo Gallery) contains a flaw that may allow a malicious user to bypass input validation safeguards. There is a flaw in the design of the input validation process that may allow an attacker to erase some global variables (_GET, _REQUEST, _POST ...). For example, the 'MyVar' variable can be set globally to an arbitrary value because the input validation scheme fails when the _GET and _REQUEST variables are erased. | 2006-06-20 | Coppermine Photo Gallery init.inc.php Parameter Cleanup XSS Protection Bypass |
| 5761 | Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered when sending a specially crafted URL request to the init.inc.php script using the CPG_M_DIR variable to specify a malicious file from a remote system as a parameter. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. | 2004-04-29 | Coppermine Photo Gallery init.inc.php Remote File Inclusion |
| 15880 | Coppermine Photo Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'init.inc.php' script not properly sanitizing user-supplied input to the 'thecookie' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2004-04-20 | Coppermine Photo Gallery init.inc.php thecookie Parameter SQL Injection |
| 57287 | Unknown / Incomplete | 2008-08-06 | Coppermine Photo Gallery Language Selector XSS |
| 33383 | (Description Provided by CVE): Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. | 2007-01-05 | Coppermine Photo Gallery login.php Username Parameter SQL Injection |
| 5757 | Coppermine Photo Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "CPG_URL" variable upon submission to the menu.inc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2004-04-29 | Coppermine Photo Gallery menu.inc.php CPG_URL Parameter XSS |
| 37100 | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. | 2007-09-18 | Coppermine Photo Gallery mode.php referer Parameter XSS |
| 5758 | Coppermine Photo Gallery contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the 'modules.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'startdir' variable. | 2004-04-29 | Coppermine Photo Gallery modules.php startdir Parameter Traversal Arbitrary File Access |
| 50624 | Unknown / Incomplete | 2003-04-07 | Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution |
| 72883 | Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the /plugins/link_target/configuration.php, /plugins/opensearch/configuration.php or /plugins/onlinestats/index.php scripts, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. | 2011-02-17 | Coppermine Photo Gallery Multiple Script Direct Request Path Disclosure |
| 57294 | Unknown / Incomplete | 2008-08-06 | Coppermine Photo Gallery Multiple Unspecified Issues |
| 39251 | (Description Provided by CVE): Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | 2006-05-22 | Coppermine Photo Gallery on Apache Multiple File Extension Arbitrary File Upload |
| 5756 | Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the phpinfo.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality. | 2004-04-29 | Coppermine Photo Gallery phpinfo.php Path Disclosure |
| 73130 | Unknown / Incomplete | 2011-02-08 | Coppermine Photo Gallery picmgmt.inc.php Remote Command Execution |
| 5759 | Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. By supplying specially crafted "impath" or "jpeg_equal" configuration parameters, a remote attacker could execute arbitrary shell commands on the system, resulting in a loss of integrity. | 2004-04-29 | Coppermine Photo Gallery picmgmtbatch.inc.php Arbitrary Command Execution |
| 30097 | (Description Provided by CVE): SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. | 2006-10-27 | Coppermine Photo Gallery picmgr.php aid Parameter SQL Injection |
| 35070 | Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to pluginmgr.php not properly sanitizing user input supplied to the 'path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. | 2007-03-09 | Coppermine Photo Gallery pluginmgr.php path Parameter Remote File Inclusion |
| 57292 | Unknown / Incomplete | 2008-08-06 | Coppermine Photo Gallery referer Header Manipulation Unspecified Issue |
| 21381 | (Description Provided by CVE): relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | 2005-11-27 | Coppermine Photo Gallery relocate_server.php Information Disclosure |
| 41679 | (Description Provided by CVE): Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. | 2008-01-29 | Coppermine Photo Gallery reviewcom.php Unspecified SQL Injection |
| 57290 | Unknown / Incomplete | 2008-08-06 | Coppermine Photo Gallery Search Logic Unspecified Issue |
| 70174 | Coppermine Photo Gallery contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified data upon submission to the searchnew.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-12-28 | Coppermine Photo Gallery searchnew.php picfile_* Parameter XSS |