Lucene search

MitreCVE-2007-0836

HistoryFeb 08, 2007 - 12:28 a.m.

CVE-2007-0836

2007-02-0800:28:00

mitre

web.nvd.nist.gov

coppermine photo gallery

cve-2007-0836

file inclusion

remote code execution

information security

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.01

Percentile

83.8%

JSON

admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) “Path to custom header include” and (2) “Path to custom footer include” form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

copperminecoppermine_photo_galleryRange≤1.4.10

VendorProductVersionCPE
copperminecoppermine_photo_gallery*cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
coppermine	coppermine_photo_gallery	*	cpe:2.3:a:coppermine:coppermine_photo_gallery::::::::

References

osvdb.org/33094

secunia.com/advisories/24019

www.securityfocus.com/bid/22409

exchange.xforce.ibmcloud.com/vulnerabilities/32233

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.01

Percentile

83.8%

JSON

Related for CVE-2007-0836