relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.4 |
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.4.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.25 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.21 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.6 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.9 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.12 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.10 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.13 |
| coppermine-gallery | coppermine_photo_gallery | 1.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.16 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.18 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.24 |
| coppermine-gallery | coppermine_photo_gallery | * |
| coppermine-gallery | coppermine_photo_gallery | 1.4.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.20 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.7 |
| coppermine-gallery | coppermine_photo_gallery | 1.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.8 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.11 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.17 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 |
| coppermine-gallery | coppermine_photo_gallery | 1.1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.15 |
| coppermine-gallery | coppermine_photo_gallery | 1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.22 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.19 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.23 |
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.4.25 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.26 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.6 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.12 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.10 |
| coppermine-gallery | coppermine_photo_gallery | 1.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.27 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.24 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.20 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.7 |
| coppermine-gallery | coppermine_photo_gallery | 1.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.8 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.11 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.17 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 |
| coppermine-gallery | coppermine_photo_gallery | 1.1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.19 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.6 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.21 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.9 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.8 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.13 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.16 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.18 |
| coppermine-gallery | coppermine_photo_gallery | * |
| coppermine-gallery | coppermine_photo_gallery | 1.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.15 |
| coppermine-gallery | coppermine_photo_gallery | 1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.22 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.23 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.4 |
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_gallery | * |
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.4.25 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.26 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.6 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.12 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.10 |
| coppermine-gallery | coppermine_photo_gallery | 1.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.27 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.24 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.20 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.7 |
| coppermine-gallery | coppermine_photo_gallery | 1.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.8 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.11 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.17 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 |
| coppermine-gallery | coppermine_photo_gallery | 1.1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.19 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.6 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.21 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.9 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.8 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.13 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.16 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.18 |
| coppermine-gallery | coppermine_photo_gallery | * |
| coppermine-gallery | coppermine_photo_gallery | 1.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.15 |
| coppermine-gallery | coppermine_photo_gallery | 1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.22 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.23 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.4 |
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.5.12 |
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.4.25 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.26 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.6 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.12 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.10 |
| coppermine-gallery | coppermine_photo_gallery | 1.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.27 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.24 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.10 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.16 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.20 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.7 |
| coppermine-gallery | coppermine_photo_gallery | 1.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.8 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.11 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.17 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 |
| coppermine-gallery | coppermine_photo_gallery | 1.1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.19 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.6 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.21 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.9 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.8 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.13 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.12 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.14 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.16 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.18 |
| coppermine-gallery | coppermine_photo_gallery | * |
| coppermine-gallery | coppermine_photo_gallery | 1.5.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.15 |
| coppermine-gallery | coppermine_photo_gallery | 1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.22 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.23 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.4 |
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.4.25 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.26 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.6 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.12 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.10 |
| coppermine-gallery | coppermine_photo_gallery | 1.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.27 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.24 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.10 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.16 |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.20 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.7 |
| coppermine-gallery | coppermine_photo_gallery | 1.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.8 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.11 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.17 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.5 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 |
| coppermine-gallery | coppermine_photo_gallery | 1.1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.19 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.6 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.21 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.9 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.8 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.13 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.12 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.14 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.16 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.18 |
| coppermine-gallery | coppermine_photo_gallery | * |
| coppermine-gallery | coppermine_photo_gallery | 1.4 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.3 |
| coppermine-gallery | coppermine_photo_gallery | 1.3.2 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.1 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.15 |
| coppermine-gallery | coppermine_photo_gallery | 1.0 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.22 |
| coppermine-gallery | coppermine_photo_gallery | 1.4.23 |
| coppermine-gallery | coppermine_photo_gallery | 1.5.4 |
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * |
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.5.36 |
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.5.46 |
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.6.25 |