CVE-2008-0506

critical

Description

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.

References

https://www.exploit-db.com/exploits/5019

http://www.waraxe.us/advisory-65.html

http://www.vupen.com/english/advisories/2008/0367

http://www.securitytracker.com/id?1019286

http://www.securityfocus.com/archive/1/487310/100/200/threaded

http://secunia.com/advisories/28682

http://coppermine-gallery.net/forum/index.php?topic=50103.0

Details

Source: Mitre, NVD

Published: 2008-01-31

Updated: 2018-10-15

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical