Coppermine: >> Coppermine Photo Gallery >> 1.4.3 Security Vulnerabilities
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
CVSS Score
6.5
EPSS Score
0.005
Published
2008-04-16
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.
CVSS Score
7.5
EPSS Score
0.007
Published
2006-06-12
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
CVSS Score
7.5
EPSS Score
0.007
Published
2006-05-22
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.
CVSS Score
5.0
EPSS Score
0.025
Published
2006-02-24
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
CVSS Score
5.0
EPSS Score
0.008
Published
2006-02-24