CVE-2006-1909

Current Description

Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.

Basic Data

Published: April 20, 2006
Last Modified: July 20, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Coppermine
    Product: Coppermine Photo Gallery
    Version: 1.4.4
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including, Version End Including, Version Start Excluding, Version End Excluding: (empty)

Vulnerable Software List

Vendor: Coppermine
Product: Coppermine Photo Gallery
Versions: 1.4.4

References

  • Name: http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html
    Source: MISC
    URL: http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remote
  • Name: 19665
    Source: SECUNIA
    URL: http://secunia.com/advisories/19665
  • Name: 20060415 [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack
    Source: BUGTRAQ
    URL: http://www.securityfocus.com/archive/1/431062
  • Name: 20060416 Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack
    Source: BUGTRAQ
    URL: http://www.securityfocus.com/archive/1/431118/30/0/threaded
  • Name: 17570
    Source: BID
    URL: http://www.securityfocus.com/bid/17570
    Tags: Exploit
  • Name: ADV-2006-1392
    Source: VUPEN
    URL: http://www.vupen.com/english/advisories/2006/1392
  • Name: coppermine-index-file-include(25866)
    Source: XF
    URL: https://exchange.xforce.ibmcloud.com/vulnerabilities/25866