ID CVE-2007-4283Type cveReporter cve@mitre.orgModified 2018-10-15T21:34:00
Description
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
{"id": "CVE-2007-4283", "bulletinFamily": "NVD", "title": "CVE-2007-4283", "description": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.", "published": "2007-08-09T21:17:00", "modified": "2018-10-15T21:34:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4283", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/476015/100/0/threaded", "http://www.securityfocus.com/archive/1/475866/100/0/threaded", "http://securityreason.com/securityalert/2989", "http://osvdb.org/38710", "http://www.securityfocus.com/bid/25243", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"], "cvelist": ["CVE-2007-4283"], "type": "cve", "lastseen": "2019-05-29T18:09:01", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "471605c576dc8bc7fd8fc825624f27d2"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e0adfd774461e5a04f1ac8b51821cbc1"}, {"key": "cpe23", "hash": "fd58ef1b7a7d8d214d075d6a9b0c2854"}, {"key": "cvelist", "hash": "76c2474f1a815d673619b7d75c4c9dee"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "d53bdb3e6f3122e7e292557f98104c59"}, {"key": "href", "hash": "074f696e327308d7d744517850811d18"}, {"key": "modified", "hash": "2ea4368448e6fc5f533f592e6a10c2d9"}, {"key": "published", "hash": "d7977e41042537bbda67fa4a20a864e1"}, {"key": "references", "hash": "8c57537baeab371b52d2069375179a1e"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "9eaa5082171493b02cbff6ceb0682b39"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "9f31c03730718dfc628ffd548019100ebd8d46c7fc1520aa8db459bb4d7de5a2", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2019-05-29T18:09:01"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:38710"]}, {"type": "exploitdb", "idList": ["EDB-ID:30463"]}], "modified": "2019-05-29T18:09:01"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:coppermine:coppermine_photo_gallery:1.3.1"], "affectedSoftware": [{"name": "coppermine coppermine_photo_gallery", "operator": "eq", "version": "1.3.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp://[target]/[path]/bridge/yabbse.inc.php?sourcedir=[Sh3LL]\n## References:\nOther Advisory URL: http://securityreason.com/securityalert/2989\nISS X-Force ID: 35884\n[CVE-2007-4283](https://vulners.com/cve/CVE-2007-4283)\nBugtraq ID: 25243\n", "modified": "2007-08-08T00:00:00", "published": "2007-08-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:38710", "id": "OSVDB:38710", "title": "Coppermine Photo Gallery bridge/yabbse.inc.php sourcedir Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T12:25:14", "bulletinFamily": "exploit", "description": "Coppermine Photo Gallery 1.3/1.4 YABBSE.INC.PHP Remote File Include Vulnerability. CVE-2007-4283. Webapps exploit for php platform", "modified": "2007-08-08T00:00:00", "published": "2007-08-08T00:00:00", "id": "EDB-ID:30463", "href": "https://www.exploit-db.com/exploits/30463/", "type": "exploitdb", "title": "Coppermine Photo Gallery 1.3/1.4 YABBSE.INC.PHP Remote File Include Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/25243/info\r\n\r\nCoppermine Photo Gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n\r\nExploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n\r\nCoppermine 1.3.1 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/path/bridge/yabbse.inc.php?sourcedir=[Sh3LL] ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30463/"}]}
