CVE-2008-0506
Coppermine Photo Gallery 1.4.14 - 'picEditor.php' Command Execution
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
El archivo include/imageObjectIM.class.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, cuando el método de procesamiento de imágenes de ImageMagick es configurado, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el parámetro (1) quality, (2) angle o (3) clipval en el archivo picEditor.php.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-01-31 CVE Reserved
- 2008-01-31 CVE Published
- 2010-07-03 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/487310/100/200/threaded | Mailing List | |
| http://www.securitytracker.com/id?1019286 | Vdb Entry | |
| http://www.waraxe.us/advisory-65.html | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16909 | 2010-07-03 | |
| http://www.securityfocus.com/bid/27512 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/5019 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://coppermine-gallery.net/forum/index.php?topic=50103.0 | 2018-10-15 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28682 | 2018-10-15 | |
| http://www.vupen.com/english/advisories/2008/0367 | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Coppermine Search vendor "Coppermine" | Coppermine Photo Gallery Search vendor "Coppermine" for product "Coppermine Photo Gallery" | <= 1.4.14 Search vendor "Coppermine" for product "Coppermine Photo Gallery" and version " <= 1.4.14" | - |
Affected
| ||||||