Cross-Site Scripting Vulnerabilities in Coppermine Photo Gallery by Coppermine
CVE-2015-6528

Currently unrated

Key Information:

Vendor: Coppermine-gallery
Status: Coppermine Photo Gallery
Vendor: CVE Published:; 20 August 2015

🔔 Create Coppermine-gallery Vulnerability Alert

What is CVE-2015-6528?

The vulnerability allows remote attackers to exploit multiple cross-site scripting (XSS) flaws within the install_classic.php file of Coppermine Photo Gallery version 1.5.36. By manipulating the input parameters, including admin_username, admin_password, admin_email, dbserver, dbname, dbuser, dbpass, table_prefix, or impath, attackers can inject malicious web scripts or HTML. This could lead to unauthorized actions on behalf of users or compromise sensitive data by executing scripts in the context of the user's session.

References

http://packetstormsecurity.com/files/133059/Coppermine-Ph...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 20, 2015

JSON