Coppermine-Gallery: >> Coppermine Photo Gallery >> 1.4.14 Security Vulnerabilities
Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2009-09-09
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
CVSS Score
7.5
EPSS Score
0.039
Published
2008-08-06
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVSS Score
7.5
EPSS Score
0.031
Published
2008-08-05
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
CVSS Score
6.5
EPSS Score
0.007
Published
2008-01-31
Page 2