Shodan
Vulnerabilities
Vulnerable Software
Coppermine-Gallery:  >> Coppermine Photo Gallery  >> 1.4.14  Security Vulnerabilities
CVE-2014-4612
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.006
Published
2018-03-16
CVE-2015-3923
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
CVSS Score
5.0
EPSS Score
0.004
Published
2015-06-10
CVE-2015-3922
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
CVSS Score
5.8
EPSS Score
0.003
Published
2015-05-27
CVE-2015-3921
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
CVSS Score
3.5
EPSS Score
0.002
Published
2015-05-27
CVE-2012-1613
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
CVSS Score
3.5
EPSS Score
0.016
Published
2012-09-04
CVE-2012-1614
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
CVSS Score
5.0
EPSS Score
0.187
Published
2012-09-04
CVE-2011-2476
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
CVSS Score
4.3
EPSS Score
0.003
Published
2011-06-14
CVE-2010-4667
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2011-06-14
CVE-2010-4693
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
CVSS Score
4.3
EPSS Score
0.006
Published
2011-01-11
CVE-2008-7186
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
CVSS Score
5.0
EPSS Score
0.003
Published
2009-09-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved