Lucene search

[email protected]CVE-2006-6123

HistoryNov 26, 2006 - 11:07 p.m.

CVE-2006-6123

2006-11-2623:07:00

[email protected]

web.nvd.nist.gov

coppermine photo gallery

cpg

xss protection

security vulnerability

cve-2006-6123

6.5 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.085 Low

EPSS

Percentile

94.5%

JSON

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.

Affected configurations

NVD

Node

copperminecoppermine_photo_galleryMatch1.4.8_stable

CPENameOperatorVersion
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.4.8_stable

CPE	Name	Operator	Version
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.4.8_stable

References

archives.neohapsis.com/archives/bugtraq/2006-06/0482.html

myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html

secunia.com/advisories/20597

securityreason.com/securityalert/1914

svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133

www.osvdb.org/27618

exchange.xforce.ibmcloud.com/vulnerabilities/27376

6.5 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.085 Low

EPSS

Percentile

94.5%

JSON

Related for CVE-2006-6123

cvelist1 nvd1