Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0506

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-0506
Last Modified 11 Sep 2009 12:00:00
Published 31 Jan 2008 03:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0506

Summary

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.

Vulnerable Systems

Application

  • Coppermine Photo Gallery 1.4.14


References

BID - 27512

CONFIRM - http://coppermine-gallery.net/forum/index.php?topic=50103.0

MISC - http://www.waraxe.us/advisory-65.html

VUPEN - ADV-2008-0367

SECTRACK - 1019286

BUGTRAQ - 20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14

MILW0RM - 5019

SECUNIA - 28682


Last Updated: 27 May 2016 10:46:50