Vulnerability Details : CVE-2008-0506
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
Vulnerability category: Input validation
At least one public exploit which can be used to exploit this vulnerability exists!
Exploit prediction scoring system (EPSS) score for CVE-2008-0506
Probability of exploitation activity in the next 30 days: 96.20%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2008-0506
-
Coppermine Photo Gallery picEditor.php Command Execution
Disclosure Date : 2008-01-30exploit/unix/webapp/coppermine_piceditorThis module exploits a vulnerability in the picEditor.php script of Coppermine Photo Gallery versions 1.4.14 and earlier. When configured to use the ImageMagick library, the 'quality', 'angle', and 'clipval' parameters are not properly escaped before being passed to the PHP 'exec' command. In order to reach the vulnerable 'exec' call, the input must pass several validation steps. The vulnerabilities actually reside in the following functions: image_processor.php: rotate_image(...) include/imageObjectIM.class.php: imageObject::cropImage(...) include/imageObjectIM.class.php: imageObject::rotateImage(...) include/imageObjectIM.class.php: imageObject::resizeImage(...) include/picmgmt.inc.php: resize_image(...) NOTE: Use of the ImageMagick library is a non-default option. However, a user can specify its use at installation time. Authors: - Janek Vind - jduc
CVSS scores for CVE-2008-0506
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
[email protected] |
CWE ids for CVE-2008-0506
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: [email protected] (Primary)
References for CVE-2008-0506
-
http://www.securitytracker.com/id?1019286
-
http://www.vupen.com/english/advisories/2008/0367
Vendor Advisory
-
https://www.exploit-db.com/exploits/5019
-
http://www.waraxe.us/advisory-65.html
-
http://www.securityfocus.com/archive/1/487310/100/200/threaded
-
http://www.securityfocus.com/bid/27512
Exploit;Patch
- http://coppermine-gallery.net/forum/index.php?topic=50103.0
Products affected by CVE-2008-0506
- cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*