CVE-2012-1613
NONE EPSS 80.2%
Published Sep 4, 2012 (13y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
Threat Intelligence
EPSS Exploit Probability
80.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 59
| Vendor | Product | Version | Range |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * | ≤1.5.18 |
| coppermine-gallery | coppermine_photo_gallery | 1.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.1.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.2 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.3 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.5 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.3 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.5 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.6 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.7 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.8 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.9 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.10 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.11 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.12 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.13 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.15 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.16 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.17 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.18 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.19 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.20 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.21 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.22 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.23 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.24 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.25 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.26 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.27 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.2 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.3 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.6 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.8 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.10 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.12 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.14 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.16 | any |
References 12
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html
- coppermine.svn.sourceforge.net http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354
- forum.coppermine-gallery.net http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html
- osvdb.org http://osvdb.org/80731
- packetstormsecurity.org http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html
- secunia.com http://secunia.com/advisories/48643
- exploit-db.com http://www.exploit-db.com/exploits/18680
- openwall.com http://www.openwall.com/lists/oss-security/2012/03/30/5
- openwall.com http://www.openwall.com/lists/oss-security/2012/03/30/6
- openwall.com http://www.openwall.com/lists/oss-security/2012/04/03/6
- securityfocus.com http://www.securityfocus.com/bid/52818
- waraxe.us http://www.waraxe.us/advisory-81.html
Remediation
- coppermine.svn.sourceforge.net http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354