Vulnerability CVE-2008-0506


Published: 2008-01-31   Modified: 2012-02-12

Description:
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.

Type:
CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Coppermine -> Coppermine photo gallery

References:
http://coppermine-gallery.net/forum/index.php?topic=50103.0
http://www.securityfocus.com/archive/1/487310/100/200/threaded
http://www.securityfocus.com/bid/27512
http://www.securitytracker.com/id?1019286
http://www.vupen.com/english/advisories/2008/0367
http://www.waraxe.us/advisory-65.html
https://www.exploit-db.com/exploits/5019

Copyright 2024, cxsecurity.com
