CVE-2006-6123 - Unspecified vulnerability in Coppermine Photo Gallery 1.4.8 Stable
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN
Summary
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html
- http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html
- http://secunia.com/advisories/20597
- http://securityreason.com/securityalert/1914
- http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133
- http://www.osvdb.org/27618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27376