Vulnerability Details : CVE-2008-0506
Public exploit exists!
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
Vulnerability category: Input validation
Products affected by CVE-2008-0506
- cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0506
96.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-0506
-
Coppermine Photo Gallery picEditor.php Command Execution
Disclosure Date: 2008-01-30First seen: 2020-04-26exploit/unix/webapp/coppermine_piceditorThis module exploits a vulnerability in the picEditor.php script of Coppermine Photo Gallery versions 1.4.14 and earlier. When configured to use the ImageMagick library, the 'quality', 'angle', and 'clipval' parameters are not properly escaped before being passed to
CVSS scores for CVE-2008-0506
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2008-0506
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0506
-
http://www.securitytracker.com/id?1019286
-
http://www.vupen.com/english/advisories/2008/0367
Vendor Advisory
-
https://www.exploit-db.com/exploits/5019
Coppermine Photo Gallery 1.4.14 - Remote Command Execution - PHP webapps Exploit
-
http://www.waraxe.us/advisory-65.html
-
http://www.securityfocus.com/archive/1/487310/100/200/threaded
-
http://www.securityfocus.com/bid/27512
Exploit;Patch
-
http://coppermine-gallery.net/forum/index.php?topic=50103.0
Patch
Jump to