MidnightBSD

Advisories for coppermine-gallery

CVE-2005-3979 MEDIUM

relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.4.2
coppermine-gallery coppermine_photo_gallery 1.4
CVE-2010-4667 MEDIUM

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.4.4
coppermine-gallery coppermine_photo_gallery 1.4.25
coppermine-gallery coppermine_photo_gallery 1.4.21
coppermine-gallery coppermine_photo_gallery 1.3.4
coppermine-gallery coppermine_photo_gallery 1.4.6
coppermine-gallery coppermine_photo_gallery 1.4.9
coppermine-gallery coppermine_photo_gallery 1.2.1
coppermine-gallery coppermine_photo_gallery 1.4.12
coppermine-gallery coppermine_photo_gallery 1.4.10
coppermine-gallery coppermine_photo_gallery 1.4.13
coppermine-gallery coppermine_photo_gallery 1.2
coppermine-gallery coppermine_photo_gallery 1.3.1
coppermine-gallery coppermine_photo_gallery 1.4.1
coppermine-gallery coppermine_photo_gallery 1.4.0
coppermine-gallery coppermine_photo_gallery 1.4.16
coppermine-gallery coppermine_photo_gallery 1.4.18
coppermine-gallery coppermine_photo_gallery 1.3.0
coppermine-gallery coppermine_photo_gallery 1.4.3
coppermine-gallery coppermine_photo_gallery 1.4.24
coppermine-gallery coppermine_photo_gallery *
coppermine-gallery coppermine_photo_gallery 1.4.5
coppermine-gallery coppermine_photo_gallery 1.2.0
coppermine-gallery coppermine_photo_gallery 1.4.20
coppermine-gallery coppermine_photo_gallery 1.4.7
coppermine-gallery coppermine_photo_gallery 1.1
coppermine-gallery coppermine_photo_gallery 1.4
coppermine-gallery coppermine_photo_gallery 1.4.8
coppermine-gallery coppermine_photo_gallery 1.4.11
coppermine-gallery coppermine_photo_gallery 1.4.17
coppermine-gallery coppermine_photo_gallery 1.3.5
coppermine-gallery coppermine_photo_gallery 1.4.2
coppermine-gallery coppermine_photo_gallery 1.3.3
coppermine-gallery coppermine_photo_gallery 1.3.2
coppermine-gallery coppermine_photo_gallery 1.4.14
coppermine-gallery coppermine_photo_gallery 1.1.0
coppermine-gallery coppermine_photo_gallery 1.4.15
coppermine-gallery coppermine_photo_gallery 1.0
coppermine-gallery coppermine_photo_gallery 1.4.22
coppermine-gallery coppermine_photo_gallery 1.4.19
coppermine-gallery coppermine_photo_gallery 1.4.23
CVE-2010-4693 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.4.25
coppermine-gallery coppermine_photo_gallery 1.4.26
coppermine-gallery coppermine_photo_gallery 1.4.6
coppermine-gallery coppermine_photo_gallery 1.2.1
coppermine-gallery coppermine_photo_gallery 1.4.12
coppermine-gallery coppermine_photo_gallery 1.4.10
coppermine-gallery coppermine_photo_gallery 1.2
coppermine-gallery coppermine_photo_gallery 1.3.1
coppermine-gallery coppermine_photo_gallery 1.3.0
coppermine-gallery coppermine_photo_gallery 1.4.3
coppermine-gallery coppermine_photo_gallery 1.4.27
coppermine-gallery coppermine_photo_gallery 1.4.24
coppermine-gallery coppermine_photo_gallery 1.4.5
coppermine-gallery coppermine_photo_gallery 1.2.0
coppermine-gallery coppermine_photo_gallery 1.4.20
coppermine-gallery coppermine_photo_gallery 1.4.7
coppermine-gallery coppermine_photo_gallery 1.1
coppermine-gallery coppermine_photo_gallery 1.4.8
coppermine-gallery coppermine_photo_gallery 1.4.11
coppermine-gallery coppermine_photo_gallery 1.4.17
coppermine-gallery coppermine_photo_gallery 1.3.5
coppermine-gallery coppermine_photo_gallery 1.4.14
coppermine-gallery coppermine_photo_gallery 1.1.0
coppermine-gallery coppermine_photo_gallery 1.4.19
coppermine-gallery coppermine_photo_gallery 1.5.6
coppermine-gallery coppermine_photo_gallery 1.4.4
coppermine-gallery coppermine_photo_gallery 1.4.21
coppermine-gallery coppermine_photo_gallery 1.3.4
coppermine-gallery coppermine_photo_gallery 1.4.9
coppermine-gallery coppermine_photo_gallery 1.5.8
coppermine-gallery coppermine_photo_gallery 1.4.13
coppermine-gallery coppermine_photo_gallery 1.5.2
coppermine-gallery coppermine_photo_gallery 1.4.1
coppermine-gallery coppermine_photo_gallery 1.4.0
coppermine-gallery coppermine_photo_gallery 1.4.16
coppermine-gallery coppermine_photo_gallery 1.4.18
coppermine-gallery coppermine_photo_gallery *
coppermine-gallery coppermine_photo_gallery 1.4
coppermine-gallery coppermine_photo_gallery 1.5.3
coppermine-gallery coppermine_photo_gallery 1.4.2
coppermine-gallery coppermine_photo_gallery 1.3.3
coppermine-gallery coppermine_photo_gallery 1.3.2
coppermine-gallery coppermine_photo_gallery 1.5.1
coppermine-gallery coppermine_photo_gallery 1.4.15
coppermine-gallery coppermine_photo_gallery 1.0
coppermine-gallery coppermine_photo_gallery 1.4.22
coppermine-gallery coppermine_photo_gallery 1.4.23
coppermine-gallery coppermine_photo_gallery 1.5.4
CVE-2010-4815 HIGH

Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_gallery *
CVE-2011-2476 MEDIUM

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.4.25
coppermine-gallery coppermine_photo_gallery 1.4.26
coppermine-gallery coppermine_photo_gallery 1.4.6
coppermine-gallery coppermine_photo_gallery 1.2.1
coppermine-gallery coppermine_photo_gallery 1.4.12
coppermine-gallery coppermine_photo_gallery 1.4.10
coppermine-gallery coppermine_photo_gallery 1.2
coppermine-gallery coppermine_photo_gallery 1.3.1
coppermine-gallery coppermine_photo_gallery 1.3.0
coppermine-gallery coppermine_photo_gallery 1.4.3
coppermine-gallery coppermine_photo_gallery 1.4.27
coppermine-gallery coppermine_photo_gallery 1.4.24
coppermine-gallery coppermine_photo_gallery 1.4.5
coppermine-gallery coppermine_photo_gallery 1.2.0
coppermine-gallery coppermine_photo_gallery 1.4.20
coppermine-gallery coppermine_photo_gallery 1.4.7
coppermine-gallery coppermine_photo_gallery 1.1
coppermine-gallery coppermine_photo_gallery 1.4.8
coppermine-gallery coppermine_photo_gallery 1.4.11
coppermine-gallery coppermine_photo_gallery 1.4.17
coppermine-gallery coppermine_photo_gallery 1.3.5
coppermine-gallery coppermine_photo_gallery 1.4.14
coppermine-gallery coppermine_photo_gallery 1.1.0
coppermine-gallery coppermine_photo_gallery 1.4.19
coppermine-gallery coppermine_photo_gallery 1.5.6
coppermine-gallery coppermine_photo_gallery 1.4.4
coppermine-gallery coppermine_photo_gallery 1.4.21
coppermine-gallery coppermine_photo_gallery 1.3.4
coppermine-gallery coppermine_photo_gallery 1.4.9
coppermine-gallery coppermine_photo_gallery 1.5.8
coppermine-gallery coppermine_photo_gallery 1.4.13
coppermine-gallery coppermine_photo_gallery 1.5.2
coppermine-gallery coppermine_photo_gallery 1.4.1
coppermine-gallery coppermine_photo_gallery 1.4.0
coppermine-gallery coppermine_photo_gallery 1.4.16
coppermine-gallery coppermine_photo_gallery 1.4.18
coppermine-gallery coppermine_photo_gallery *
coppermine-gallery coppermine_photo_gallery 1.4
coppermine-gallery coppermine_photo_gallery 1.5.3
coppermine-gallery coppermine_photo_gallery 1.4.2
coppermine-gallery coppermine_photo_gallery 1.3.3
coppermine-gallery coppermine_photo_gallery 1.3.2
coppermine-gallery coppermine_photo_gallery 1.5.1
coppermine-gallery coppermine_photo_gallery 1.4.15
coppermine-gallery coppermine_photo_gallery 1.0
coppermine-gallery coppermine_photo_gallery 1.4.22
coppermine-gallery coppermine_photo_gallery 1.4.23
coppermine-gallery coppermine_photo_gallery 1.5.4
CVE-2011-3722 MEDIUM

Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.5.12
CVE-2012-1613 LOW

Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.4.25
coppermine-gallery coppermine_photo_gallery 1.4.26
coppermine-gallery coppermine_photo_gallery 1.4.6
coppermine-gallery coppermine_photo_gallery 1.2.1
coppermine-gallery coppermine_photo_gallery 1.4.12
coppermine-gallery coppermine_photo_gallery 1.4.10
coppermine-gallery coppermine_photo_gallery 1.2
coppermine-gallery coppermine_photo_gallery 1.3.1
coppermine-gallery coppermine_photo_gallery 1.3.0
coppermine-gallery coppermine_photo_gallery 1.4.3
coppermine-gallery coppermine_photo_gallery 1.4.27
coppermine-gallery coppermine_photo_gallery 1.4.24
coppermine-gallery coppermine_photo_gallery 1.5.10
coppermine-gallery coppermine_photo_gallery 1.4.5
coppermine-gallery coppermine_photo_gallery 1.5.16
coppermine-gallery coppermine_photo_gallery 1.2.0
coppermine-gallery coppermine_photo_gallery 1.4.20
coppermine-gallery coppermine_photo_gallery 1.4.7
coppermine-gallery coppermine_photo_gallery 1.1
coppermine-gallery coppermine_photo_gallery 1.4.8
coppermine-gallery coppermine_photo_gallery 1.4.11
coppermine-gallery coppermine_photo_gallery 1.4.17
coppermine-gallery coppermine_photo_gallery 1.3.5
coppermine-gallery coppermine_photo_gallery 1.4.14
coppermine-gallery coppermine_photo_gallery 1.1.0
coppermine-gallery coppermine_photo_gallery 1.4.19
coppermine-gallery coppermine_photo_gallery 1.5.6
coppermine-gallery coppermine_photo_gallery 1.4.4
coppermine-gallery coppermine_photo_gallery 1.4.21
coppermine-gallery coppermine_photo_gallery 1.3.4
coppermine-gallery coppermine_photo_gallery 1.4.9
coppermine-gallery coppermine_photo_gallery 1.5.8
coppermine-gallery coppermine_photo_gallery 1.4.13
coppermine-gallery coppermine_photo_gallery 1.5.2
coppermine-gallery coppermine_photo_gallery 1.5.12
coppermine-gallery coppermine_photo_gallery 1.4.1
coppermine-gallery coppermine_photo_gallery 1.4.0
coppermine-gallery coppermine_photo_gallery 1.5.14
coppermine-gallery coppermine_photo_gallery 1.4.16
coppermine-gallery coppermine_photo_gallery 1.4.18
coppermine-gallery coppermine_photo_gallery *
coppermine-gallery coppermine_photo_gallery 1.5.3
coppermine-gallery coppermine_photo_gallery 1.4.2
coppermine-gallery coppermine_photo_gallery 1.3.3
coppermine-gallery coppermine_photo_gallery 1.3.2
coppermine-gallery coppermine_photo_gallery 1.5.1
coppermine-gallery coppermine_photo_gallery 1.4.15
coppermine-gallery coppermine_photo_gallery 1.0
coppermine-gallery coppermine_photo_gallery 1.4.22
coppermine-gallery coppermine_photo_gallery 1.4.23
coppermine-gallery coppermine_photo_gallery 1.5.4
CVE-2012-1614 MEDIUM

Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.4.25
coppermine-gallery coppermine_photo_gallery 1.4.26
coppermine-gallery coppermine_photo_gallery 1.4.6
coppermine-gallery coppermine_photo_gallery 1.2.1
coppermine-gallery coppermine_photo_gallery 1.4.12
coppermine-gallery coppermine_photo_gallery 1.4.10
coppermine-gallery coppermine_photo_gallery 1.2
coppermine-gallery coppermine_photo_gallery 1.3.1
coppermine-gallery coppermine_photo_gallery 1.3.0
coppermine-gallery coppermine_photo_gallery 1.4.3
coppermine-gallery coppermine_photo_gallery 1.4.27
coppermine-gallery coppermine_photo_gallery 1.4.24
coppermine-gallery coppermine_photo_gallery 1.5.10
coppermine-gallery coppermine_photo_gallery 1.4.5
coppermine-gallery coppermine_photo_gallery 1.5.16
coppermine-gallery coppermine_photo_gallery 1.2.0
coppermine-gallery coppermine_photo_gallery 1.4.20
coppermine-gallery coppermine_photo_gallery 1.4.7
coppermine-gallery coppermine_photo_gallery 1.1
coppermine-gallery coppermine_photo_gallery 1.4.8
coppermine-gallery coppermine_photo_gallery 1.4.11
coppermine-gallery coppermine_photo_gallery 1.4.17
coppermine-gallery coppermine_photo_gallery 1.3.5
coppermine-gallery coppermine_photo_gallery 1.4.14
coppermine-gallery coppermine_photo_gallery 1.1.0
coppermine-gallery coppermine_photo_gallery 1.4.19
coppermine-gallery coppermine_photo_gallery 1.5.6
coppermine-gallery coppermine_photo_gallery 1.4.4
coppermine-gallery coppermine_photo_gallery 1.4.21
coppermine-gallery coppermine_photo_gallery 1.3.4
coppermine-gallery coppermine_photo_gallery 1.4.9
coppermine-gallery coppermine_photo_gallery 1.5.8
coppermine-gallery coppermine_photo_gallery 1.4.13
coppermine-gallery coppermine_photo_gallery 1.5.2
coppermine-gallery coppermine_photo_gallery 1.5.12
coppermine-gallery coppermine_photo_gallery 1.4.1
coppermine-gallery coppermine_photo_gallery 1.4.0
coppermine-gallery coppermine_photo_gallery 1.5.14
coppermine-gallery coppermine_photo_gallery 1.4.16
coppermine-gallery coppermine_photo_gallery 1.4.18
coppermine-gallery coppermine_photo_gallery *
coppermine-gallery coppermine_photo_gallery 1.4
coppermine-gallery coppermine_photo_gallery 1.5.3
coppermine-gallery coppermine_photo_gallery 1.4.2
coppermine-gallery coppermine_photo_gallery 1.3.3
coppermine-gallery coppermine_photo_gallery 1.3.2
coppermine-gallery coppermine_photo_gallery 1.5.1
coppermine-gallery coppermine_photo_gallery 1.4.15
coppermine-gallery coppermine_photo_gallery 1.0
coppermine-gallery coppermine_photo_gallery 1.4.22
coppermine-gallery coppermine_photo_gallery 1.4.23
coppermine-gallery coppermine_photo_gallery 1.5.4
CVE-2014-4612 MEDIUM

Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery *
CVE-2015-3921 LOW

Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery *
CVE-2015-3922 MEDIUM

Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery *
CVE-2015-3923 MEDIUM

Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery *
CVE-2015-6528 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.5.36
CVE-2018-14478 MEDIUM

ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.5.46
CVE-2023-53868

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.

Products Affected

Vendor Product Version
coppermine-gallery coppermine_photo_gallery 1.6.25