Lucene search

MitreCVE-2006-6123

HistoryNov 26, 2006 - 11:07 p.m.

CVE-2006-6123

2006-11-2623:07:00

mitre

web.nvd.nist.gov

coppermine photo gallery

cpg

xss protection

security vulnerability

cve-2006-6123

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.085

Percentile

94.5%

JSON

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.

Affected configurations

Nvd

Node

copperminecoppermine_photo_galleryMatch1.4.8_stable

VendorProductVersionCPE
copperminecoppermine_photo_gallery1.4.8_stablecpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8_stable:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
coppermine	coppermine_photo_gallery	1.4.8_stable	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8_stable:::::::*

References

archives.neohapsis.com/archives/bugtraq/2006-06/0482.html

myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html

secunia.com/advisories/20597

securityreason.com/securityalert/1914

svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133

www.osvdb.org/27618

exchange.xforce.ibmcloud.com/vulnerabilities/27376

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.085

Percentile

94.5%

JSON

Related for CVE-2006-6123