Coppermine-Gallery: >> Coppermine Photo Gallery >> 1.4.14 Security Vulnerabilities
Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
CVSS Score
5.0
EPSS Score
0.013
Published
2009-09-09
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
CVSS Score
7.5
EPSS Score
0.063
Published
2008-08-06
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVSS Score
7.5
EPSS Score
0.021
Published
2008-08-05
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
CVSS Score
6.5
EPSS Score
0.02
Published
2008-01-31
Page 2