CVE-2006-6123
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
Coppermine Photo Gallery (CPG) 1.4.8 estable, con register_globals activado, permiet a un atacante remoto evitar la protección XSS y asignar variables de su elección a través de una cadena de consulta que provoca que la variable se defina en un espacio global, con los separadores _GET, _REQUEST, u otros parámetros críticos, el cual son desasignados por el esquema de protección y previenen que la variable original pueda ser detectada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-11-26 CVE Reserved
- 2006-11-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html | Mailing List | |
| http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html | X_refsource_misc | |
| http://securityreason.com/securityalert/1914 | Third Party Advisory | |
| http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133 | X_refsource_confirm | |
| http://www.osvdb.org/27618 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27376 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/20597 | 2017-07-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Coppermine Search vendor "Coppermine" | Coppermine Photo Gallery Search vendor "Coppermine" for product "Coppermine Photo Gallery" | 1.4.8_stable Search vendor "Coppermine" for product "Coppermine Photo Gallery" and version "1.4.8_stable" | - |
Affected
| ||||||