Vulnerabilities > CVE-2007-1414 - Remote File Include vulnerability in Retired: Coppermine Photo Gallery
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://securityreason.com/securityalert/2416
- http://www.osvdb.org/35065
- http://www.osvdb.org/35066
- http://www.osvdb.org/35067
- http://www.osvdb.org/35068
- http://www.osvdb.org/35069
- http://www.osvdb.org/35070
- http://www.securityfocus.com/archive/1/462322/100/0/threaded
- http://www.securityfocus.com/archive/1/463532/100/0/threaded
- http://www.securityfocus.com/bid/22896
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32894