Coppermine Photo Gallery

coppermine_photo_gallery

CVEs (19)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-53868 1Coppermine Gallery 1Coppermine Photo Gallery Dec 18, 2025 Dec 15, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system co...Show more Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.Show less
CVE-2018-14478 1Coppermine Gallery 1Coppermine Photo Gallery Nov 21, 2024 May 7, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
CVE-2014-4612 1Coppermine Gallery 1Coppermine Photo Gallery Nov 21, 2024 Mar 16, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspe...Show more Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2015-6528 1Coppermine Gallery 1Coppermine Photo Gallery May 6, 2026 Aug 20, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_pass...Show more Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.Show less
CVE-2015-3923 1Coppermine Gallery 1Coppermine Photo Gallery May 6, 2026 Jun 10, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
CVE-2015-3922 1Coppermine Gallery 1Coppermine Photo Gallery May 6, 2026 May 27, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter.
CVE-2015-3921 1Coppermine Gallery 1Coppermine Photo Gallery May 6, 2026 May 27, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
CVE-2012-1614 1Coppermine Gallery 1Coppermine Photo Gallery Apr 29, 2026 Sep 4, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php,...Show more Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.Show less
CVE-2012-1613 1Coppermine Gallery 1Coppermine Photo Gallery Apr 29, 2026 Sep 4, 2012 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords par...Show more Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.Show less
CVE-2011-3722 1Coppermine Gallery 1Coppermine Photo Gallery Apr 29, 2026 Sep 23, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspe...Show more Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.Show less
CVE-2011-2476 1Coppermine Gallery 1Coppermine Photo Gallery Apr 29, 2026 Jun 14, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-466...Show more Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.Show less
CVE-2010-4667 1Coppermine Gallery 1Coppermine Photo Gallery Apr 29, 2026 Jun 14, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4693 1Coppermine Gallery 1Coppermine Photo Gallery Apr 29, 2026 Jan 11, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picf...Show more Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.Show less
CVE-2008-7187 1Coppermine Gallery 1Coppermine Photo Gallery Apr 23, 2026 Sep 9, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.
CVE-2008-7186 1Coppermine Gallery 1Coppermine Photo Gallery Apr 23, 2026 Sep 9, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leve...Show more Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.Show less
CVE-2008-3486 1Coppermine Gallery 1Coppermine Photo Gallery Apr 23, 2026 Aug 6, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and exec...Show more Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.Show less
CVE-2008-3481 1Coppermine Gallery 1Coppermine Photo Gallery Apr 23, 2026 Aug 5, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
CVE-2008-0504 1Coppermine Gallery 1Coppermine Photo Gallery Apr 23, 2026 Jan 31, 2008 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parame...Show more Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.Show less
CVE-2005-3979 1Coppermine Gallery 1Coppermine Photo Gallery Apr 16, 2026 Dec 3, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database...Show more relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.Show less