6.8
CVE-2008-0506
- EPSS 58.9%
- Veröffentlicht 31.01.2008 20:00:00
- Zuletzt bearbeitet 16.06.2026 22:49:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Coppermine ≫ Coppermine Photo Gallery Version <= 1.4.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 58.9% | 0.99 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://coppermine-gallery.net/forum/index.php?topic=50103.0
http://secunia.com/advisories/28682
http://www.vupen.com/english/advisories/2008/0367
http://www.securityfocus.com/archive/1/487310/100/200/threaded
http://www.securityfocus.com/bid/27512
http://www.securitytracker.com/id?1019286
http://www.waraxe.us/advisory-65.html
https://www.exploit-db.com/exploits/5019