| Vulnerability Name: | CVE-2007-1414 (CCN-32894) | ||||||||
| Assigned: | 2007-03-09 | ||||||||
| Published: | 2007-03-09 | ||||||||
| Updated: | 2018-10-16 | ||||||||
| Summary: | Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 8.1 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Fri Mar 09 2007 - 09:13:04 CST Remote File Include In Script Coppermine Photo Gallery Source: MITRE Type: CNA CVE-2007-1414 Source: SREASON Type: UNKNOWN 2416 Source: CCN Type: SourceForge.net Coppermine Photo Gallery Source: OSVDB Type: UNKNOWN 35065 Source: OSVDB Type: UNKNOWN 35066 Source: OSVDB Type: UNKNOWN 35067 Source: OSVDB Type: UNKNOWN 35068 Source: OSVDB Type: UNKNOWN 35069 Source: OSVDB Type: UNKNOWN 35070 Source: CCN Type: OSVDB ID: 35065 Coppermine Photo Gallery image_processor.php cmd Parameter Remote File Inclusion Source: CCN Type: OSVDB ID: 35066 Coppermine Photo Gallery include/functions.php path Parameter Remote File Inclusion Source: CCN Type: OSVDB ID: 35067 Coppermine Photo Gallery include/picmgmt.inc.php cmd Parameter Remote File Inclusion Source: CCN Type: OSVDB ID: 35068 Coppermine Photo Gallery include/plugin_api.inc.php path Parameter Remote File Inclusion Source: CCN Type: OSVDB ID: 35069 Coppermine Photo Gallery index.php path Parameter Remote File Inclusion Source: CCN Type: OSVDB ID: 35070 Coppermine Photo Gallery pluginmgr.php path Parameter Remote File Inclusion Source: BUGTRAQ Type: UNKNOWN 20070309 Remote File Include In Script Coppermine Photo Gallery Source: BUGTRAQ Type: UNKNOWN 20070322 Remote File Include In Coppermine Photo Gallery Source: BID Type: Exploit 22896 Source: CCN Type: BID-22896 Retired: Coppermine Photo Gallery Multiple Remote File Include Vulnerabilities Source: XF Type: UNKNOWN coppermine-multiple-scripts-file-include(32894) Source: XF Type: UNKNOWN coppermine-multiple-scripts-file-include(32894) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||