Search

Find a vulnerability

Search criteria

    70 vulnerabilities found for coppermine_photo_gallery by coppermine

    CVE-2009-1616 (GCVE-0-2009-1616)

    Vulnerability from nvd – Published: 2009-05-11 20:00 – Updated: 2024-09-16 22:08
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/34961 third-party-advisoryx_refsource_SECUNIA
    http://forum.coppermine-gallery.net/index.php/top… x_refsource_CONFIRM
    http://forum.coppermine-gallery.net/index.php/top… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/34782 vdb-entryx_refsource_BID
    http://osvdb.org/54145 vdb-entryx_refsource_OSVDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:20:34.766Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34961",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34961"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
              },
              {
                "name": "34782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34782"
              },
              {
                "name": "54145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54145"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-05-11T20:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34961",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34961"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
            },
            {
              "name": "34782",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34782"
            },
            {
              "name": "54145",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54145"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34961",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34961"
                },
                {
                  "name": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html"
                },
                {
                  "name": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html"
                },
                {
                  "name": "34782",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34782"
                },
                {
                  "name": "54145",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54145"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1616",
        "datePublished": "2009-05-11T20:00:00.000Z",
        "dateReserved": "2009-05-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:08:47.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1841 (GCVE-0-2008-1841)

    Vulnerability from nvd – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
    VLAI KEVIntel
    Summary
    SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:40:59.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "28767",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28767"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
              },
              {
                "name": "coppermine-coppermineinc-sql-injection(41788)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
              },
              {
                "name": "29741",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29741"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008.  NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "28767",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28767"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
            },
            {
              "name": "coppermine-coppermineinc-sql-injection(41788)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
            },
            {
              "name": "29741",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29741"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1841",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008.  NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "28767",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28767"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
                },
                {
                  "name": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html"
                },
                {
                  "name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
                },
                {
                  "name": "coppermine-coppermineinc-sql-injection(41788)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
                },
                {
                  "name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
                },
                {
                  "name": "29741",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29741"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1841",
        "datePublished": "2008-04-16T17:00:00.000Z",
        "dateReserved": "2008-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:40:59.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1840 (GCVE-0-2008-1840)

    Vulnerability from nvd – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
    VLAI
    Summary
    SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://sourceforge.net/project/shownotes.php?grou… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/28766 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29795 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/44345 vdb-entryx_refsource_OSVDB
    http://forum.coppermine-gallery.net/index.php/top… x_refsource_CONFIRM
    Date Public
    2008-04-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:40:59.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "coppermine-upload-sql-injection(41784)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
              },
              {
                "name": "28766",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28766"
              },
              {
                "name": "29795",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29795"
              },
              {
                "name": "44345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/44345"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "coppermine-upload-sql-injection(41784)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
            },
            {
              "name": "28766",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28766"
            },
            {
              "name": "29795",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29795"
            },
            {
              "name": "44345",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/44345"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1840",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "coppermine-upload-sql-injection(41784)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
                },
                {
                  "name": "28766",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28766"
                },
                {
                  "name": "29795",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29795"
                },
                {
                  "name": "44345",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/44345"
                },
                {
                  "name": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html",
                  "refsource": "CONFIRM",
                  "url": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1840",
        "datePublished": "2008-04-16T17:00:00.000Z",
        "dateReserved": "2008-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:40:59.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0506 (GCVE-0-2008-0506)

    Vulnerability from nvd – Published: 2008-01-31 19:30 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.waraxe.us/advisory-65.html x_refsource_MISC
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/0367 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/27512 vdb-entryx_refsource_BID
    http://secunia.com/advisories/28682 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/487310/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1019286 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/5019 exploitx_refsource_EXPLOIT-DB
    Date Public
    2008-01-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:55.013Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-65.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
              },
              {
                "name": "ADV-2008-0367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0367"
              },
              {
                "name": "27512",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27512"
              },
              {
                "name": "28682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28682"
              },
              {
                "name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
              },
              {
                "name": "1019286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019286"
              },
              {
                "name": "5019",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5019"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-65.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
            },
            {
              "name": "ADV-2008-0367",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0367"
            },
            {
              "name": "27512",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27512"
            },
            {
              "name": "28682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28682"
            },
            {
              "name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
            },
            {
              "name": "1019286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019286"
            },
            {
              "name": "5019",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5019"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0506",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.waraxe.us/advisory-65.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-65.html"
                },
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
                },
                {
                  "name": "ADV-2008-0367",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0367"
                },
                {
                  "name": "27512",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27512"
                },
                {
                  "name": "28682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28682"
                },
                {
                  "name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
                },
                {
                  "name": "1019286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019286"
                },
                {
                  "name": "5019",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5019"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0506",
        "datePublished": "2008-01-31T19:30:00.000Z",
        "dateReserved": "2008-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:55.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0505 (GCVE-0-2008-0505)

    Vulnerability from nvd – Published: 2008-01-31 19:30 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/27511 vdb-entryx_refsource_BID
    http://www.waraxe.us/advisory-66.html x_refsource_MISC
    http://www.securityfocus.com/archive/1/487351/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1019285 vdb-entryx_refsource_SECTRACK
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/0367 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/28682 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-01-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:55.020Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27511",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27511"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-66.html"
              },
              {
                "name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
              },
              {
                "name": "1019285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019285"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
              },
              {
                "name": "ADV-2008-0367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0367"
              },
              {
                "name": "28682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28682"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27511",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27511"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-66.html"
            },
            {
              "name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
            },
            {
              "name": "1019285",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019285"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
            },
            {
              "name": "ADV-2008-0367",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0367"
            },
            {
              "name": "28682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28682"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0505",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27511",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27511"
                },
                {
                  "name": "http://www.waraxe.us/advisory-66.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-66.html"
                },
                {
                  "name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
                },
                {
                  "name": "1019285",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019285"
                },
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
                },
                {
                  "name": "ADV-2008-0367",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0367"
                },
                {
                  "name": "28682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28682"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0505",
        "datePublished": "2008-01-31T19:30:00.000Z",
        "dateReserved": "2008-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:55.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5888 (GCVE-0-2007-5888)

    Vulnerability from nvd – Published: 2007-11-07 21:00 – Updated: 2024-08-07 15:47
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/27534 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/26357 vdb-entryx_refsource_BID
    http://osvdb.org/38420 vdb-entryx_refsource_OSVDB
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    Date Public
    2007-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:47:00.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27534",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27534"
              },
              {
                "name": "coppermine-displayecard-xss(38290)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
              },
              {
                "name": "26357",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26357"
              },
              {
                "name": "38420",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38420"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27534",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27534"
            },
            {
              "name": "coppermine-displayecard-xss(38290)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
            },
            {
              "name": "26357",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26357"
            },
            {
              "name": "38420",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38420"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5888",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27534",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27534"
                },
                {
                  "name": "coppermine-displayecard-xss(38290)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
                },
                {
                  "name": "26357",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26357"
                },
                {
                  "name": "38420",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38420"
                },
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=48106.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5888",
        "datePublished": "2007-11-07T21:00:00.000Z",
        "dateReserved": "2007-11-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:47:00.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4976 (GCVE-0-2007-4976)

    Vulnerability from nvd – Published: 2007-09-19 18:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    http://securityreason.com/securityalert/3152 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/479757/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1018704 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/26843 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/3194 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25698 vdb-entryx_refsource_BID
    http://osvdb.org/37101 vdb-entryx_refsource_OSVDB
    Date Public
    2007-09-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:27.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
              },
              {
                "name": "3152",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3152"
              },
              {
                "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
              },
              {
                "name": "1018704",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018704"
              },
              {
                "name": "26843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26843"
              },
              {
                "name": "coppermine-viewlog-file-include(36660)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
              },
              {
                "name": "ADV-2007-3194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3194"
              },
              {
                "name": "25698",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25698"
              },
              {
                "name": "37101",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37101"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
            },
            {
              "name": "3152",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3152"
            },
            {
              "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
            },
            {
              "name": "1018704",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018704"
            },
            {
              "name": "26843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26843"
            },
            {
              "name": "coppermine-viewlog-file-include(36660)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
            },
            {
              "name": "ADV-2007-3194",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3194"
            },
            {
              "name": "25698",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25698"
            },
            {
              "name": "37101",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37101"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4976",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
                },
                {
                  "name": "3152",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3152"
                },
                {
                  "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
                },
                {
                  "name": "1018704",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018704"
                },
                {
                  "name": "26843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26843"
                },
                {
                  "name": "coppermine-viewlog-file-include(36660)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
                },
                {
                  "name": "ADV-2007-3194",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3194"
                },
                {
                  "name": "25698",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25698"
                },
                {
                  "name": "37101",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37101"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4976",
        "datePublished": "2007-09-19T18:00:00.000Z",
        "dateReserved": "2007-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:27.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4977 (GCVE-0-2007-4977)

    Vulnerability from nvd – Published: 2007-09-19 18:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    http://securityreason.com/securityalert/3152 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/479757/100… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/37100 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1018704 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/26843 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/3194 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25698 vdb-entryx_refsource_BID
    Date Public
    2007-09-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:27.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
              },
              {
                "name": "3152",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3152"
              },
              {
                "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
              },
              {
                "name": "37100",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37100"
              },
              {
                "name": "1018704",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018704"
              },
              {
                "name": "26843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26843"
              },
              {
                "name": "coppermine-mode-xss(36659)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
              },
              {
                "name": "ADV-2007-3194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3194"
              },
              {
                "name": "25698",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25698"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
            },
            {
              "name": "3152",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3152"
            },
            {
              "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
            },
            {
              "name": "37100",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37100"
            },
            {
              "name": "1018704",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018704"
            },
            {
              "name": "26843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26843"
            },
            {
              "name": "coppermine-mode-xss(36659)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
            },
            {
              "name": "ADV-2007-3194",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3194"
            },
            {
              "name": "25698",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25698"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4977",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
                },
                {
                  "name": "3152",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3152"
                },
                {
                  "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
                },
                {
                  "name": "37100",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37100"
                },
                {
                  "name": "1018704",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018704"
                },
                {
                  "name": "26843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26843"
                },
                {
                  "name": "coppermine-mode-xss(36659)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
                },
                {
                  "name": "ADV-2007-3194",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3194"
                },
                {
                  "name": "25698",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25698"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4977",
        "datePublished": "2007-09-19T18:00:00.000Z",
        "dateReserved": "2007-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:27.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4283 (GCVE-0-2007-4283)

    Vulnerability from nvd – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/476015/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/475866/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/25243 vdb-entryx_refsource_BID
    http://osvdb.org/38710 vdb-entryx_refsource_OSVDB
    http://securityreason.com/securityalert/2989 third-party-advisoryx_refsource_SREASON
    Date Public
    2007-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "coppermine-yabbseinc-file-include(35884)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
              },
              {
                "name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
              },
              {
                "name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
              },
              {
                "name": "25243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25243"
              },
              {
                "name": "38710",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38710"
              },
              {
                "name": "2989",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2989"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "coppermine-yabbseinc-file-include(35884)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
            },
            {
              "name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
            },
            {
              "name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
            },
            {
              "name": "25243",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25243"
            },
            {
              "name": "38710",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38710"
            },
            {
              "name": "2989",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2989"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "coppermine-yabbseinc-file-include(35884)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
                },
                {
                  "name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
                },
                {
                  "name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
                },
                {
                  "name": "25243",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25243"
                },
                {
                  "name": "38710",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38710"
                },
                {
                  "name": "2989",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2989"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4283",
        "datePublished": "2007-08-09T21:00:00.000Z",
        "dateReserved": "2007-08-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3558 (GCVE-0-2007-3558)

    Vulnerability from nvd – Published: 2007-07-04 16:00 – Updated: 2024-09-16 18:48
    VLAI
    Summary
    SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/25846 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/24710 vdb-entryx_refsource_BID
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:21:36.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25846",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25846"
              },
              {
                "name": "24710",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24710"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-07-04T16:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25846",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25846"
            },
            {
              "name": "24710",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24710"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25846",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25846"
                },
                {
                  "name": "24710",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24710"
                },
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=44845.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3558",
        "datePublished": "2007-07-04T16:00:00.000Z",
        "dateReserved": "2007-07-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:48:53.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1414 (GCVE-0-2007-1414)

    Vulnerability from nvd – Published: 2007-03-12 23:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/2416 third-party-advisoryx_refsource_SREASON
    http://www.osvdb.org/35068 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/35065 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/35067 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/462322/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/22896 vdb-entryx_refsource_BID
    http://www.osvdb.org/35069 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/35066 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/463532/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/35070 vdb-entryx_refsource_OSVDB
    Date Public
    2007-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:07.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2416"
              },
              {
                "name": "35068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35068"
              },
              {
                "name": "35065",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35065"
              },
              {
                "name": "35067",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35067"
              },
              {
                "name": "20070309 Remote File Include In Script Coppermine Photo Gallery",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
              },
              {
                "name": "22896",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22896"
              },
              {
                "name": "35069",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35069"
              },
              {
                "name": "coppermine-multiple-scripts-file-include(32894)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
              },
              {
                "name": "35066",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35066"
              },
              {
                "name": "20070322 Remote File Include In Coppermine Photo Gallery",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
              },
              {
                "name": "35070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35070"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2416",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2416"
            },
            {
              "name": "35068",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35068"
            },
            {
              "name": "35065",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35065"
            },
            {
              "name": "35067",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35067"
            },
            {
              "name": "20070309 Remote File Include In Script Coppermine Photo Gallery",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
            },
            {
              "name": "22896",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22896"
            },
            {
              "name": "35069",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35069"
            },
            {
              "name": "coppermine-multiple-scripts-file-include(32894)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
            },
            {
              "name": "35066",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35066"
            },
            {
              "name": "20070322 Remote File Include In Coppermine Photo Gallery",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
            },
            {
              "name": "35070",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35070"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1414",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2416",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2416"
                },
                {
                  "name": "35068",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35068"
                },
                {
                  "name": "35065",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35065"
                },
                {
                  "name": "35067",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35067"
                },
                {
                  "name": "20070309 Remote File Include In Script Coppermine Photo Gallery",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
                },
                {
                  "name": "22896",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22896"
                },
                {
                  "name": "35069",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35069"
                },
                {
                  "name": "coppermine-multiple-scripts-file-include(32894)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
                },
                {
                  "name": "35066",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35066"
                },
                {
                  "name": "20070322 Remote File Include In Coppermine Photo Gallery",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
                },
                {
                  "name": "35070",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35070"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1414",
        "datePublished": "2007-03-12T23:00:00.000Z",
        "dateReserved": "2007-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:07.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1107 (GCVE-0-2007-1107)

    Vulnerability from nvd – Published: 2007-02-26 17:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/461158/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/2297 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/22709 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/3371 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/4950 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/27372 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/4961 exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/33133 vdb-entryx_refsource_OSVDB
    Date Public
    2007-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
              },
              {
                "name": "coppermine-thumbnails-sql-injection(32688)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
              },
              {
                "name": "2297",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2297"
              },
              {
                "name": "22709",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22709"
              },
              {
                "name": "copperminephoto-thumbnails-sql-injection(39806)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
              },
              {
                "name": "3371",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3371"
              },
              {
                "name": "4950",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4950"
              },
              {
                "name": "27372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27372"
              },
              {
                "name": "4961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4961"
              },
              {
                "name": "33133",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33133"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.  NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
            },
            {
              "name": "coppermine-thumbnails-sql-injection(32688)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
            },
            {
              "name": "2297",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2297"
            },
            {
              "name": "22709",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22709"
            },
            {
              "name": "copperminephoto-thumbnails-sql-injection(39806)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
            },
            {
              "name": "3371",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3371"
            },
            {
              "name": "4950",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4950"
            },
            {
              "name": "27372",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27372"
            },
            {
              "name": "4961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4961"
            },
            {
              "name": "33133",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33133"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1107",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.  NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
                },
                {
                  "name": "coppermine-thumbnails-sql-injection(32688)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
                },
                {
                  "name": "2297",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2297"
                },
                {
                  "name": "22709",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22709"
                },
                {
                  "name": "copperminephoto-thumbnails-sql-injection(39806)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
                },
                {
                  "name": "3371",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3371"
                },
                {
                  "name": "4950",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4950"
                },
                {
                  "name": "27372",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27372"
                },
                {
                  "name": "4961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4961"
                },
                {
                  "name": "33133",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33133"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1107",
        "datePublished": "2007-02-26T17:00:00.000Z",
        "dateReserved": "2007-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0835 (GCVE-0-2007-0835)

    Vulnerability from nvd – Published: 2007-02-08 00:00 – Updated: 2024-08-07 12:34
    VLAI
    Summary
    admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24019 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22406 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/33093 vdb-entryx_refsource_OSVDB
    Date Public
    2007-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:34:21.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24019",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24019"
              },
              {
                "name": "22406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22406"
              },
              {
                "name": "coppermine-admin-command-execution(32236)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
              },
              {
                "name": "33093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (\";\" semicolon) in the \"Command line options for ImageMagick\" form field, when used as an option to ImageMagick\u0027s convert command.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24019",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24019"
            },
            {
              "name": "22406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22406"
            },
            {
              "name": "coppermine-admin-command-execution(32236)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
            },
            {
              "name": "33093",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33093"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0835",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (\";\" semicolon) in the \"Command line options for ImageMagick\" form field, when used as an option to ImageMagick\u0027s convert command.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24019",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24019"
                },
                {
                  "name": "22406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22406"
                },
                {
                  "name": "coppermine-admin-command-execution(32236)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
                },
                {
                  "name": "33093",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33093"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0835",
        "datePublished": "2007-02-08T00:00:00.000Z",
        "dateReserved": "2007-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:34:21.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0836 (GCVE-0-2007-0836)

    Vulnerability from nvd – Published: 2007-02-08 00:00 – Updated: 2024-08-07 12:34
    VLAI
    Summary
    admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/22409 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24019 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/33094 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:34:21.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22409"
              },
              {
                "name": "24019",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24019"
              },
              {
                "name": "33094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33094"
              },
              {
                "name": "coppermine-admin-file-include(32233)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) \"Path to custom header include\" and (2) \"Path to custom footer include\" form fields.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22409",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22409"
            },
            {
              "name": "24019",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24019"
            },
            {
              "name": "33094",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33094"
            },
            {
              "name": "coppermine-admin-file-include(32233)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) \"Path to custom header include\" and (2) \"Path to custom footer include\" form fields.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22409",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22409"
                },
                {
                  "name": "24019",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24019"
                },
                {
                  "name": "33094",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33094"
                },
                {
                  "name": "coppermine-admin-file-include(32233)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0836",
        "datePublished": "2007-02-08T00:00:00.000Z",
        "dateReserved": "2007-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:34:21.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0115 (GCVE-0-2007-0115)

    Vulnerability from nvd – Published: 2007-01-09 02:00 – Updated: 2024-08-07 12:03
    VLAI
    Summary
    Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.attrition.org/pipermail/vim/2007-Janua… mailing-listx_refsource_VIM
    http://osvdb.org/33383 vdb-entryx_refsource_OSVDB
    http://acid-root.new.fr/poc/19070104.txt x_refsource_MISC
    http://securityreason.com/securityalert/2107 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/456051/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-01-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:03:37.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070108 Source verify - Coppermine Photo Gallery \u003c= 1.4.10 code injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-January/001218.html"
              },
              {
                "name": "33383",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33383"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://acid-root.new.fr/poc/19070104.txt"
              },
              {
                "name": "2107",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2107"
              },
              {
                "name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070108 Source verify - Coppermine Photo Gallery \u003c= 1.4.10 code injection",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-January/001218.html"
            },
            {
              "name": "33383",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33383"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://acid-root.new.fr/poc/19070104.txt"
            },
            {
              "name": "2107",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2107"
            },
            {
              "name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0115",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070108 Source verify - Coppermine Photo Gallery \u003c= 1.4.10 code injection",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-January/001218.html"
                },
                {
                  "name": "33383",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33383"
                },
                {
                  "name": "http://acid-root.new.fr/poc/19070104.txt",
                  "refsource": "MISC",
                  "url": "http://acid-root.new.fr/poc/19070104.txt"
                },
                {
                  "name": "2107",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2107"
                },
                {
                  "name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0115",
        "datePublished": "2007-01-09T02:00:00.000Z",
        "dateReserved": "2007-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:03:37.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0122 (GCVE-0-2007-0122)

    Vulnerability from nvd – Published: 2007-01-09 02:00 – Updated: 2024-08-07 12:03
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/35853 vdb-entryx_refsource_OSVDB
    http://securityreason.com/securityalert/2123 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/25846 third-party-advisoryx_refsource_SECUNIA
    http://acid-root.new.fr/poc/19070104.txt x_refsource_MISC
    https://www.exploit-db.com/exploits/3085 exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/35854 vdb-entryx_refsource_OSVDB
    http://osvdb.org/35852 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/456051/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/21894 vdb-entryx_refsource_BID
    http://osvdb.org/35856 vdb-entryx_refsource_OSVDB
    http://osvdb.org/35855 vdb-entryx_refsource_OSVDB
    Date Public
    2007-01-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:03:37.275Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35853",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35853"
              },
              {
                "name": "2123",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2123"
              },
              {
                "name": "25846",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25846"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://acid-root.new.fr/poc/19070104.txt"
              },
              {
                "name": "3085",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3085"
              },
              {
                "name": "35854",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35854"
              },
              {
                "name": "35852",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35852"
              },
              {
                "name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
              },
              {
                "name": "21894",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21894"
              },
              {
                "name": "35856",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35856"
              },
              {
                "name": "35855",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35853",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35853"
            },
            {
              "name": "2123",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2123"
            },
            {
              "name": "25846",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25846"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://acid-root.new.fr/poc/19070104.txt"
            },
            {
              "name": "3085",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3085"
            },
            {
              "name": "35854",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35854"
            },
            {
              "name": "35852",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35852"
            },
            {
              "name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
            },
            {
              "name": "21894",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21894"
            },
            {
              "name": "35856",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35856"
            },
            {
              "name": "35855",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35855"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0122",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35853",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35853"
                },
                {
                  "name": "2123",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2123"
                },
                {
                  "name": "25846",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25846"
                },
                {
                  "name": "http://acid-root.new.fr/poc/19070104.txt",
                  "refsource": "MISC",
                  "url": "http://acid-root.new.fr/poc/19070104.txt"
                },
                {
                  "name": "3085",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3085"
                },
                {
                  "name": "35854",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35854"
                },
                {
                  "name": "35852",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35852"
                },
                {
                  "name": "20070105 Coppermine Photo Gallery \u003c= 1.4.10 SQL Injection Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"
                },
                {
                  "name": "21894",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21894"
                },
                {
                  "name": "35856",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35856"
                },
                {
                  "name": "35855",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35855"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0122",
        "datePublished": "2007-01-09T02:00:00.000Z",
        "dateReserved": "2007-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:03:37.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1616 (GCVE-0-2009-1616)

    Vulnerability from cvelistv5 – Published: 2009-05-11 20:00 – Updated: 2024-09-16 22:08
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/34961 third-party-advisoryx_refsource_SECUNIA
    http://forum.coppermine-gallery.net/index.php/top… x_refsource_CONFIRM
    http://forum.coppermine-gallery.net/index.php/top… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/34782 vdb-entryx_refsource_BID
    http://osvdb.org/54145 vdb-entryx_refsource_OSVDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:20:34.766Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34961",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34961"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
              },
              {
                "name": "34782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34782"
              },
              {
                "name": "54145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54145"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-05-11T20:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34961",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34961"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html"
            },
            {
              "name": "34782",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34782"
            },
            {
              "name": "54145",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54145"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34961",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34961"
                },
                {
                  "name": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html"
                },
                {
                  "name": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html"
                },
                {
                  "name": "34782",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34782"
                },
                {
                  "name": "54145",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54145"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1616",
        "datePublished": "2009-05-11T20:00:00.000Z",
        "dateReserved": "2009-05-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:08:47.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1841 (GCVE-0-2008-1841)

    Vulnerability from cvelistv5 – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
    VLAI KEVIntel
    Summary
    SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:40:59.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "28767",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28767"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
              },
              {
                "name": "coppermine-coppermineinc-sql-injection(41788)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
              },
              {
                "name": "29741",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29741"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008.  NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "28767",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28767"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
            },
            {
              "name": "coppermine-coppermineinc-sql-injection(41788)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
            },
            {
              "name": "29741",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29741"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1841",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008.  NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "28767",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28767"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
                },
                {
                  "name": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html"
                },
                {
                  "name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
                },
                {
                  "name": "coppermine-coppermineinc-sql-injection(41788)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
                },
                {
                  "name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
                },
                {
                  "name": "29741",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29741"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1841",
        "datePublished": "2008-04-16T17:00:00.000Z",
        "dateReserved": "2008-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:40:59.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1840 (GCVE-0-2008-1840)

    Vulnerability from cvelistv5 – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
    VLAI
    Summary
    SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://sourceforge.net/project/shownotes.php?grou… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/28766 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29795 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/44345 vdb-entryx_refsource_OSVDB
    http://forum.coppermine-gallery.net/index.php/top… x_refsource_CONFIRM
    Date Public
    2008-04-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:40:59.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "coppermine-upload-sql-injection(41784)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
              },
              {
                "name": "28766",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28766"
              },
              {
                "name": "29795",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29795"
              },
              {
                "name": "44345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/44345"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "coppermine-upload-sql-injection(41784)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
            },
            {
              "name": "28766",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28766"
            },
            {
              "name": "29795",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29795"
            },
            {
              "name": "44345",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/44345"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51787%2C0.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1840",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "coppermine-upload-sql-injection(41784)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41784"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
                },
                {
                  "name": "28766",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28766"
                },
                {
                  "name": "29795",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29795"
                },
                {
                  "name": "44345",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/44345"
                },
                {
                  "name": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html",
                  "refsource": "CONFIRM",
                  "url": "http://forum.coppermine-gallery.net/index.php/topic,51787,0.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1840",
        "datePublished": "2008-04-16T17:00:00.000Z",
        "dateReserved": "2008-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:40:59.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0506 (GCVE-0-2008-0506)

    Vulnerability from cvelistv5 – Published: 2008-01-31 19:30 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.waraxe.us/advisory-65.html x_refsource_MISC
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/0367 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/27512 vdb-entryx_refsource_BID
    http://secunia.com/advisories/28682 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/487310/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1019286 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/5019 exploitx_refsource_EXPLOIT-DB
    Date Public
    2008-01-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:55.013Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-65.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
              },
              {
                "name": "ADV-2008-0367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0367"
              },
              {
                "name": "27512",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27512"
              },
              {
                "name": "28682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28682"
              },
              {
                "name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
              },
              {
                "name": "1019286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019286"
              },
              {
                "name": "5019",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5019"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-65.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
            },
            {
              "name": "ADV-2008-0367",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0367"
            },
            {
              "name": "27512",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27512"
            },
            {
              "name": "28682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28682"
            },
            {
              "name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
            },
            {
              "name": "1019286",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019286"
            },
            {
              "name": "5019",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5019"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0506",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.waraxe.us/advisory-65.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-65.html"
                },
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
                },
                {
                  "name": "ADV-2008-0367",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0367"
                },
                {
                  "name": "27512",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27512"
                },
                {
                  "name": "28682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28682"
                },
                {
                  "name": "20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded"
                },
                {
                  "name": "1019286",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019286"
                },
                {
                  "name": "5019",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5019"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0506",
        "datePublished": "2008-01-31T19:30:00.000Z",
        "dateReserved": "2008-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:55.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0505 (GCVE-0-2008-0505)

    Vulnerability from cvelistv5 – Published: 2008-01-31 19:30 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/27511 vdb-entryx_refsource_BID
    http://www.waraxe.us/advisory-66.html x_refsource_MISC
    http://www.securityfocus.com/archive/1/487351/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1019285 vdb-entryx_refsource_SECTRACK
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/0367 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/28682 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-01-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:55.020Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27511",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27511"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-66.html"
              },
              {
                "name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
              },
              {
                "name": "1019285",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019285"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
              },
              {
                "name": "ADV-2008-0367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0367"
              },
              {
                "name": "28682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28682"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27511",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27511"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-66.html"
            },
            {
              "name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
            },
            {
              "name": "1019285",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019285"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
            },
            {
              "name": "ADV-2008-0367",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0367"
            },
            {
              "name": "28682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28682"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0505",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27511",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27511"
                },
                {
                  "name": "http://www.waraxe.us/advisory-66.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-66.html"
                },
                {
                  "name": "20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487351/100/200/threaded"
                },
                {
                  "name": "1019285",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019285"
                },
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=50103.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0"
                },
                {
                  "name": "ADV-2008-0367",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0367"
                },
                {
                  "name": "28682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28682"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0505",
        "datePublished": "2008-01-31T19:30:00.000Z",
        "dateReserved": "2008-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:55.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5888 (GCVE-0-2007-5888)

    Vulnerability from cvelistv5 – Published: 2007-11-07 21:00 – Updated: 2024-08-07 15:47
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/27534 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/26357 vdb-entryx_refsource_BID
    http://osvdb.org/38420 vdb-entryx_refsource_OSVDB
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    Date Public
    2007-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:47:00.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27534",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27534"
              },
              {
                "name": "coppermine-displayecard-xss(38290)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
              },
              {
                "name": "26357",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26357"
              },
              {
                "name": "38420",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38420"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27534",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27534"
            },
            {
              "name": "coppermine-displayecard-xss(38290)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
            },
            {
              "name": "26357",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26357"
            },
            {
              "name": "38420",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38420"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5888",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27534",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27534"
                },
                {
                  "name": "coppermine-displayecard-xss(38290)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290"
                },
                {
                  "name": "26357",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26357"
                },
                {
                  "name": "38420",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38420"
                },
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=48106.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5888",
        "datePublished": "2007-11-07T21:00:00.000Z",
        "dateReserved": "2007-11-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:47:00.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4976 (GCVE-0-2007-4976)

    Vulnerability from cvelistv5 – Published: 2007-09-19 18:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    http://securityreason.com/securityalert/3152 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/479757/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1018704 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/26843 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/3194 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25698 vdb-entryx_refsource_BID
    http://osvdb.org/37101 vdb-entryx_refsource_OSVDB
    Date Public
    2007-09-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:27.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
              },
              {
                "name": "3152",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3152"
              },
              {
                "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
              },
              {
                "name": "1018704",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018704"
              },
              {
                "name": "26843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26843"
              },
              {
                "name": "coppermine-viewlog-file-include(36660)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
              },
              {
                "name": "ADV-2007-3194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3194"
              },
              {
                "name": "25698",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25698"
              },
              {
                "name": "37101",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37101"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
            },
            {
              "name": "3152",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3152"
            },
            {
              "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
            },
            {
              "name": "1018704",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018704"
            },
            {
              "name": "26843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26843"
            },
            {
              "name": "coppermine-viewlog-file-include(36660)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
            },
            {
              "name": "ADV-2007-3194",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3194"
            },
            {
              "name": "25698",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25698"
            },
            {
              "name": "37101",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37101"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4976",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
                },
                {
                  "name": "3152",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3152"
                },
                {
                  "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
                },
                {
                  "name": "1018704",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018704"
                },
                {
                  "name": "26843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26843"
                },
                {
                  "name": "coppermine-viewlog-file-include(36660)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36660"
                },
                {
                  "name": "ADV-2007-3194",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3194"
                },
                {
                  "name": "25698",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25698"
                },
                {
                  "name": "37101",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37101"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4976",
        "datePublished": "2007-09-19T18:00:00.000Z",
        "dateReserved": "2007-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:27.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4977 (GCVE-0-2007-4977)

    Vulnerability from cvelistv5 – Published: 2007-09-19 18:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    http://securityreason.com/securityalert/3152 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/479757/100… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/37100 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1018704 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/26843 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/3194 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25698 vdb-entryx_refsource_BID
    Date Public
    2007-09-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:27.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
              },
              {
                "name": "3152",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3152"
              },
              {
                "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
              },
              {
                "name": "37100",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37100"
              },
              {
                "name": "1018704",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018704"
              },
              {
                "name": "26843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26843"
              },
              {
                "name": "coppermine-mode-xss(36659)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
              },
              {
                "name": "ADV-2007-3194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3194"
              },
              {
                "name": "25698",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25698"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
            },
            {
              "name": "3152",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3152"
            },
            {
              "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
            },
            {
              "name": "37100",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37100"
            },
            {
              "name": "1018704",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018704"
            },
            {
              "name": "26843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26843"
            },
            {
              "name": "coppermine-mode-xss(36659)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
            },
            {
              "name": "ADV-2007-3194",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3194"
            },
            {
              "name": "25698",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25698"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4977",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=46847.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=46847.0"
                },
                {
                  "name": "3152",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3152"
                },
                {
                  "name": "20070917 Coppermine \u003c= 1.4.12 Cross Site Scripting and Local File Inclusion",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/479757/100/0/threaded"
                },
                {
                  "name": "37100",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37100"
                },
                {
                  "name": "1018704",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018704"
                },
                {
                  "name": "26843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26843"
                },
                {
                  "name": "coppermine-mode-xss(36659)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36659"
                },
                {
                  "name": "ADV-2007-3194",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3194"
                },
                {
                  "name": "25698",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25698"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4977",
        "datePublished": "2007-09-19T18:00:00.000Z",
        "dateReserved": "2007-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:27.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4283 (GCVE-0-2007-4283)

    Vulnerability from cvelistv5 – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/476015/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/475866/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/25243 vdb-entryx_refsource_BID
    http://osvdb.org/38710 vdb-entryx_refsource_OSVDB
    http://securityreason.com/securityalert/2989 third-party-advisoryx_refsource_SREASON
    Date Public
    2007-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "coppermine-yabbseinc-file-include(35884)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
              },
              {
                "name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
              },
              {
                "name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
              },
              {
                "name": "25243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25243"
              },
              {
                "name": "38710",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38710"
              },
              {
                "name": "2989",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2989"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "coppermine-yabbseinc-file-include(35884)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
            },
            {
              "name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
            },
            {
              "name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
            },
            {
              "name": "25243",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25243"
            },
            {
              "name": "38710",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38710"
            },
            {
              "name": "2989",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2989"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "coppermine-yabbseinc-file-include(35884)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
                },
                {
                  "name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
                },
                {
                  "name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
                },
                {
                  "name": "25243",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25243"
                },
                {
                  "name": "38710",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38710"
                },
                {
                  "name": "2989",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2989"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4283",
        "datePublished": "2007-08-09T21:00:00.000Z",
        "dateReserved": "2007-08-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3558 (GCVE-0-2007-3558)

    Vulnerability from cvelistv5 – Published: 2007-07-04 16:00 – Updated: 2024-09-16 18:48
    VLAI
    Summary
    SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/25846 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/24710 vdb-entryx_refsource_BID
    http://coppermine-gallery.net/forum/index.php?top… x_refsource_CONFIRM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:21:36.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25846",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25846"
              },
              {
                "name": "24710",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24710"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-07-04T16:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25846",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25846"
            },
            {
              "name": "24710",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24710"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25846",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25846"
                },
                {
                  "name": "24710",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24710"
                },
                {
                  "name": "http://coppermine-gallery.net/forum/index.php?topic=44845.0",
                  "refsource": "CONFIRM",
                  "url": "http://coppermine-gallery.net/forum/index.php?topic=44845.0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3558",
        "datePublished": "2007-07-04T16:00:00.000Z",
        "dateReserved": "2007-07-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:48:53.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1414 (GCVE-0-2007-1414)

    Vulnerability from cvelistv5 – Published: 2007-03-12 23:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/2416 third-party-advisoryx_refsource_SREASON
    http://www.osvdb.org/35068 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/35065 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/35067 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/462322/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/22896 vdb-entryx_refsource_BID
    http://www.osvdb.org/35069 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/35066 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/463532/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/35070 vdb-entryx_refsource_OSVDB
    Date Public
    2007-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:07.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2416"
              },
              {
                "name": "35068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35068"
              },
              {
                "name": "35065",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35065"
              },
              {
                "name": "35067",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35067"
              },
              {
                "name": "20070309 Remote File Include In Script Coppermine Photo Gallery",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
              },
              {
                "name": "22896",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22896"
              },
              {
                "name": "35069",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35069"
              },
              {
                "name": "coppermine-multiple-scripts-file-include(32894)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
              },
              {
                "name": "35066",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35066"
              },
              {
                "name": "20070322 Remote File Include In Coppermine Photo Gallery",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
              },
              {
                "name": "35070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35070"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2416",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2416"
            },
            {
              "name": "35068",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35068"
            },
            {
              "name": "35065",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35065"
            },
            {
              "name": "35067",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35067"
            },
            {
              "name": "20070309 Remote File Include In Script Coppermine Photo Gallery",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
            },
            {
              "name": "22896",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22896"
            },
            {
              "name": "35069",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35069"
            },
            {
              "name": "coppermine-multiple-scripts-file-include(32894)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
            },
            {
              "name": "35066",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35066"
            },
            {
              "name": "20070322 Remote File Include In Coppermine Photo Gallery",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
            },
            {
              "name": "35070",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35070"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1414",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2416",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2416"
                },
                {
                  "name": "35068",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35068"
                },
                {
                  "name": "35065",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35065"
                },
                {
                  "name": "35067",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35067"
                },
                {
                  "name": "20070309 Remote File Include In Script Coppermine Photo Gallery",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462322/100/0/threaded"
                },
                {
                  "name": "22896",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22896"
                },
                {
                  "name": "35069",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35069"
                },
                {
                  "name": "coppermine-multiple-scripts-file-include(32894)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32894"
                },
                {
                  "name": "35066",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35066"
                },
                {
                  "name": "20070322 Remote File Include In Coppermine Photo Gallery",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463532/100/0/threaded"
                },
                {
                  "name": "35070",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35070"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1414",
        "datePublished": "2007-03-12T23:00:00.000Z",
        "dateReserved": "2007-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:07.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1107 (GCVE-0-2007-1107)

    Vulnerability from cvelistv5 – Published: 2007-02-26 17:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/461158/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/2297 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/22709 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/3371 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/4950 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/27372 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/4961 exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/33133 vdb-entryx_refsource_OSVDB
    Date Public
    2007-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
              },
              {
                "name": "coppermine-thumbnails-sql-injection(32688)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
              },
              {
                "name": "2297",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2297"
              },
              {
                "name": "22709",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22709"
              },
              {
                "name": "copperminephoto-thumbnails-sql-injection(39806)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
              },
              {
                "name": "3371",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3371"
              },
              {
                "name": "4950",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4950"
              },
              {
                "name": "27372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27372"
              },
              {
                "name": "4961",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4961"
              },
              {
                "name": "33133",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33133"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.  NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
            },
            {
              "name": "coppermine-thumbnails-sql-injection(32688)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
            },
            {
              "name": "2297",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2297"
            },
            {
              "name": "22709",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22709"
            },
            {
              "name": "copperminephoto-thumbnails-sql-injection(39806)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
            },
            {
              "name": "3371",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3371"
            },
            {
              "name": "4950",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4950"
            },
            {
              "name": "27372",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27372"
            },
            {
              "name": "4961",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4961"
            },
            {
              "name": "33133",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33133"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1107",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.  NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/461158/100/0/threaded"
                },
                {
                  "name": "coppermine-thumbnails-sql-injection(32688)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32688"
                },
                {
                  "name": "2297",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2297"
                },
                {
                  "name": "22709",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22709"
                },
                {
                  "name": "copperminephoto-thumbnails-sql-injection(39806)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39806"
                },
                {
                  "name": "3371",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3371"
                },
                {
                  "name": "4950",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4950"
                },
                {
                  "name": "27372",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27372"
                },
                {
                  "name": "4961",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4961"
                },
                {
                  "name": "33133",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33133"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1107",
        "datePublished": "2007-02-26T17:00:00.000Z",
        "dateReserved": "2007-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0835 (GCVE-0-2007-0835)

    Vulnerability from cvelistv5 – Published: 2007-02-08 00:00 – Updated: 2024-08-07 12:34
    VLAI
    Summary
    admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24019 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22406 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/33093 vdb-entryx_refsource_OSVDB
    Date Public
    2007-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:34:21.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24019",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24019"
              },
              {
                "name": "22406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22406"
              },
              {
                "name": "coppermine-admin-command-execution(32236)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
              },
              {
                "name": "33093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (\";\" semicolon) in the \"Command line options for ImageMagick\" form field, when used as an option to ImageMagick\u0027s convert command.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24019",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24019"
            },
            {
              "name": "22406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22406"
            },
            {
              "name": "coppermine-admin-command-execution(32236)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
            },
            {
              "name": "33093",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33093"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0835",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (\";\" semicolon) in the \"Command line options for ImageMagick\" form field, when used as an option to ImageMagick\u0027s convert command.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24019",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24019"
                },
                {
                  "name": "22406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22406"
                },
                {
                  "name": "coppermine-admin-command-execution(32236)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32236"
                },
                {
                  "name": "33093",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33093"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0835",
        "datePublished": "2007-02-08T00:00:00.000Z",
        "dateReserved": "2007-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:34:21.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0836 (GCVE-0-2007-0836)

    Vulnerability from cvelistv5 – Published: 2007-02-08 00:00 – Updated: 2024-08-07 12:34
    VLAI
    Summary
    admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/22409 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24019 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/33094 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:34:21.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22409",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22409"
              },
              {
                "name": "24019",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24019"
              },
              {
                "name": "33094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33094"
              },
              {
                "name": "coppermine-admin-file-include(32233)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) \"Path to custom header include\" and (2) \"Path to custom footer include\" form fields.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22409",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22409"
            },
            {
              "name": "24019",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24019"
            },
            {
              "name": "33094",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33094"
            },
            {
              "name": "coppermine-admin-file-include(32233)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) \"Path to custom header include\" and (2) \"Path to custom footer include\" form fields.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22409",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22409"
                },
                {
                  "name": "24019",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24019"
                },
                {
                  "name": "33094",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33094"
                },
                {
                  "name": "coppermine-admin-file-include(32233)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32233"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0836",
        "datePublished": "2007-02-08T00:00:00.000Z",
        "dateReserved": "2007-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:34:21.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }