CVE-2007-1414

Current Description

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.

Basic Data

Published: March 12, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Coppermine | Coppermine Photo Gallery | * | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Coppermine | Coppermine Photo Gallery | *

References

Name | Source | URL | Tags
2416 | SREASON | http://securityreason.com/securityalert/2416 |
35065 | OSVDB | http://www.osvdb.org/35065 |
35066 | OSVDB | http://www.osvdb.org/35066 |
35067 | OSVDB | http://www.osvdb.org/35067 |
35068 | OSVDB | http://www.osvdb.org/35068 |
35069 | OSVDB | http://www.osvdb.org/35069 |
35070 | OSVDB | http://www.osvdb.org/35070 |
20070309 Remote File Include In Script Coppermine Photo Gallery | BUGTRAQ | http://www.securityfocus.com/archive/1/462322/100/0/threaded |
20070322 Remote File Include In Coppermine Photo Gallery | BUGTRAQ | http://www.securityfocus.com/archive/1/463532/100/0/threaded |
22896 | BID | http://www.securityfocus.com/bid/22896 | Exploit
coppermine-multiple-scripts-file-include(32894) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/32894 |