Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2007-4976
Last Modified 07 Mar 2011 09:59:44
Published 19 Sep 2007 02:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-4976

Summary

Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.

Vulnerable Systems

Application

  • Coppermine Photo Gallery 1.4

  • Coppermine Photo Gallery 1.4.10

  • Coppermine Photo Gallery 1.4.11

  • Coppermine Photo Gallery 1.4.12

  • Coppermine Photo Gallery 1.4.2

  • Coppermine Photo Gallery 1.4.4

  • Coppermine Photo Gallery 1.4.9


References

BID - 25698

SECUNIA - 26843

CONFIRM - http://coppermine-gallery.net/forum/index.php?topic=46847.0

VUPEN - ADV-2007-3194

BUGTRAQ - 20070917 Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion

OSVDB - 37101

XF - coppermine-viewlog-file-include(36660)

SECTRACK - 1018704

SREASON - 3152


Last Updated: 27 May 2016 10:46:02