CVE-2007-0115
 
Severity Score: 6.0 (CVSS v2)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
Credits: N/A
Timeline
- 2007-01-08 CVE Reserved
- 2007-01-09 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-09-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (5)
URL | Tag | Source |
---|---|---|
http://osvdb.org/33383 | Vdb Entry | |
http://securityreason.com/securityalert/2107 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/456051/100/0/threaded | Mailing List | |

URL | Date | SRC |
---|---|---|
http://acid-root.new.fr/poc/19070104.txt | 2024-08-07 | |
http://www.attrition.org/pipermail/vim/2007-January/001218.html | 2024-08-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Coppermine | Coppermine Photo Gallery | <= 1.4.10 | - | Affected |