Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-3486
Last Modified: 19 Aug 2009 01:17:54
Published: 06 Aug 2008 01:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3486

Summary

Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.

Vulnerable Systems

Application

  • Coppermine-gallery Coppermine Photo Gallery 1.0

  • Coppermine-gallery Coppermine Photo Gallery 1.1

  • Coppermine-gallery Coppermine Photo Gallery 1.1.0

  • Coppermine-gallery Coppermine Photo Gallery 1.2.0

  • Coppermine-gallery Coppermine Photo Gallery 1.2.1

  • Coppermine-gallery Coppermine Photo Gallery 1.3.0

  • Coppermine-gallery Coppermine Photo Gallery 1.4

  • Coppermine-gallery Coppermine Photo Gallery 1.4.0

  • Coppermine-gallery Coppermine Photo Gallery 1.4.1

  • Coppermine-gallery Coppermine Photo Gallery 1.4.10

  • Coppermine-gallery Coppermine Photo Gallery 1.4.11

  • Coppermine-gallery Coppermine Photo Gallery 1.4.12

  • Coppermine-gallery Coppermine Photo Gallery 1.4.13

  • Coppermine-gallery Coppermine Photo Gallery 1.4.14

  • Coppermine-gallery Coppermine Photo Gallery 1.4.15

  • Coppermine-gallery Coppermine Photo Gallery 1.4.16

  • Coppermine-gallery Coppermine Photo Gallery 1.4.17

  • Coppermine-gallery Coppermine Photo Gallery 1.4.18

  • Coppermine-gallery Coppermine Photo Gallery 1.4.2

  • Coppermine-gallery Coppermine Photo Gallery 1.4.3

  • Coppermine-gallery Coppermine Photo Gallery 1.4.4

  • Coppermine-gallery Coppermine Photo Gallery 1.4.5

  • Coppermine-gallery Coppermine Photo Gallery 1.4.6

  • Coppermine-gallery Coppermine Photo Gallery 1.4.7

  • Coppermine-gallery Coppermine Photo Gallery 1.4.8

  • Coppermine-gallery Coppermine Photo Gallery 1.4.9


References

XF - coppermine-lang-file-include(44133)

BID - 30480

MILW0RM - 6178

SREASON - 4108

SECUNIA - 31295


Last Updated: 27 May 2016 10:48:12