Coppermine imageObjectIM.class.php Command Execution Vulnerabilities

high Nessus Plugin ID 30132

Synopsis

The remote web server contains a PHP script that allows arbitrary command execution.

Description

The version of Coppermine Photo Gallery installed on the remote host fails to sanitize user input to the 'quality', 'angle' and 'clipval' parameters of the 'picEditor.php' script before using it in 'exec()' statements to call ImageMagick to process new images. An unauthenticated, remote attacker can leverage this issue to execute arbitrary code on the remote host subject to the privileges of the web server user id.
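The missing input check described above, sketched as an added example (not Coppermine's code and not the vendor's fix): each of the three parameters is validated against a strict type and range before it reaches an ImageMagick command line. The function names, the ranges, the `convert` options and the geometry format assumed for 'clipval' are illustrative assumptions.

```php
<?php
// Added illustration, not Coppermine code. Parameter names come from the
// advisory; the ranges and the clipval geometry format are assumptions.

function int_in_range($value, int $min, int $max): int
{
    // FILTER_VALIDATE_INT rejects anything that is not a plain integer,
    // so shell metacharacters never survive to the command line.
    $n = filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($n === false) {
        throw new InvalidArgumentException('not an integer in the allowed range');
    }
    return $n;
}

function build_convert_command(array $in, string $src, string $dst): string
{
    $quality = int_in_range($in['quality'] ?? null, 1, 100);
    $angle   = int_in_range($in['angle'] ?? null, -360, 360);

    // Assumed format: ImageMagick crop geometry WxH+X+Y, digits only.
    $clip = (string)($in['clipval'] ?? '');
    if (!preg_match('/\A\d{1,5}x\d{1,5}\+\d{1,5}\+\d{1,5}\z/', $clip)) {
        throw new InvalidArgumentException('clipval is not a valid geometry');
    }

    // Defence in depth: every argument is quoted even after validation.
    $args = ['convert', $src, '-quality', (string)$quality,
             '-rotate', (string)$angle, '-crop', $clip, $dst];
    return implode(' ', array_map('escapeshellarg', $args));
}

// Constructed sample requests: one well-formed, one with a non-integer
// 'quality' value containing a shell metacharacter.
$samples = [
    ['quality' => '85',   'angle' => '90', 'clipval' => '640x480+0+0'],
    ['quality' => '85;x', 'angle' => '90', 'clipval' => '640x480+0+0'],
];
foreach ($samples as $s) {
    try {
        echo build_convert_command($s, 'in.jpg', 'out.jpg'), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The second sample is rejected at the integer check, so the quoting step is never the only barrier between request data and the shell.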

Solution

Either reconfigure the application to use GD as its graphics library, which is the default, or upgrade to Coppermine Photo Gallery version 1.4.15 or later.

See Also

http://www.waraxe.us/advisory-65.html

https://www.securityfocus.com/archive/1/487310/30/0/threaded

http://coppermine-gallery.net/forum/index.php?topic=50103.0

Plugin Details

Severity: High

ID: 30132

File Name: coppermine_imageobjectim_cmd_exec.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 1/31/2008

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Coppermine Photo Gallery picEditor.php Command Execution)

Reference Information

CVE: CVE-2008-0506

BID: 27512

CWE: 20