ID CVE-2007-0115
Summary Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
References
Vulnerable Configurations
  • cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*
    cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 16-10-2018 - 16:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
bugtraq 20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit
misc http://acid-root.new.fr/poc/19070104.txt
osvdb 33383
sreason 2107
vim 20070108 Source verify - Coppermine Photo Gallery <= 1.4.10 code injection
Last major update 16-10-2018 - 16:31
Published 09-01-2007 - 02:28
Last modified 16-10-2018 - 16:31
Back to Top