Coppermine-gallery Coppermine Photo Gallery — known CVE vulnerabilities
Every CVE whose affected-product data names Coppermine-gallery Coppermine Photo Gallery, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2023-53868 — CVSS 8.8 (high): Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files…
CVE-2008-3481 — CVSS 7.5 (high): themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a…
CVE-2008-3486 — CVSS 7.5 (high): Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18…
CVE-2008-0504 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute…
CVE-2014-4612 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x…
CVE-2018-14478 — CVSS 6.1 (medium): ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
CVE-2015-3922 — CVSS 5.8 (medium): Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary…
CVE-2011-3722 — CVSS 5.0 (medium): Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which…
CVE-2008-7186 — CVSS 5.0 (medium): Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information…
CVE-2008-7187 — CVSS 5.0 (medium): Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to…
CVE-2005-3979 — CVSS 5.0 (medium): relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication…
CVE-2012-1614 — CVSS 5.0 (medium): Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to…
CVE-2015-3923 — CVSS 5.0 (medium): Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to…
CVE-2011-2476 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web…
CVE-2010-4667 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web…