// For flags

CVE-2008-0506

Coppermine Photo Gallery 1.4.14 - 'picEditor.php' Command Execution

Severity Score

9.8
*CVSS v3

Exploit Likelihood

88.4%
*EPSS

Affected Versions

1
*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.

El archivo include/imageObjectIM.class.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, cuando el método de procesamiento de imágenes de ImageMagick es configurado, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el parámetro (1) quality, (2) angle o (3) clipval en el archivo picEditor.php.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-01-31 CVE Reserved
  • 2008-01-31 CVE Published
  • 2010-07-03 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions (1)