Lucene search

[email protected]CVE-2007-0115

HistoryJan 09, 2007 - 2:28 a.m.

CVE-2007-0115

2007-01-0902:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0115

static code injection

coppermine photo gallery

php

remote authentication

security vulnerability

7.7 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.

CPENameOperatorVersion
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryle1.4.10

CPE	Name	Operator	Version
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	le	1.4.10

References

acid-root.new.fr/poc/19070104.txt

osvdb.org/33383

securityreason.com/securityalert/2107

www.attrition.org/pipermail/vim/2007-January/001218.html

www.securityfocus.com/archive/1/456051/100/0/threaded

7.7 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2007-0115

prion1 cvelist1 securityvulns1