Vulnerabilities > CVE-2006-0872 - File Include vulnerability in Coppermine Photo Gallery 1.4.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | FreeBSD Local Security Checks |
| NASL id | FREEBSD_PKG_77CCEAEFE9A411DAB9F400123FFE8333.NASL |
| description | Secunia reports : Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people and by malicious users to compromise a vulnerable system. 1) Input passed to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21587 |
| published | 2006-05-23 |
| reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/21587 |
| title | FreeBSD : coppermine -- File Inclusion Vulnerabilities (77cceaef-e9a4-11da-b9f4-00123ffe8333) |
References
- http://coppermine-gallery.net/forum/index.php?topic=28062.0
- http://retrogod.altervista.org/cpg_143_adv.html
- http://retrogod.altervista.org/cpg_143_incl_xpl.html
- http://secunia.com/advisories/18941
- http://securitytracker.com/id?1015646
- http://www.securityfocus.com/archive/1/425387
- http://www.securityfocus.com/bid/16718
- http://www.vupen.com/english/advisories/2006/0669
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24814