ID CVE-2007-4283Type cveReporter NVDModified 2018-10-15T17:34:16
Description
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
{"id": "CVE-2007-4283", "bulletinFamily": "NVD", "title": "CVE-2007-4283", "description": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.", "published": "2007-08-09T17:17:00", "modified": "2018-10-15T17:34:16", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4283", "reporter": "NVD", "references": ["http://www.securityfocus.com/archive/1/476015/100/0/threaded", "http://www.securityfocus.com/archive/1/475866/100/0/threaded", "http://securityreason.com/securityalert/2989", "http://www.securityfocus.com/bid/25243", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"], "cvelist": ["CVE-2007-4283"], "type": "cve", "lastseen": "2018-10-16T10:51:37", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:coppermine:coppermine_photo_gallery:1.3.1"], "cvelist": ["CVE-2007-4283"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.", "edition": 2, "enchantments": {"score": {"modified": "2017-07-29T11:22:11", "value": 7.5, "vector": "NONE"}}, "hash": "b7852474dde717b4bd0fd1cc703f001426a6ddcbb80588b2791ea7e6af539e2c", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "2f2bd2a599b33a1092e9fc435dc6f804", "key": "references"}, {"hash": "9eaa5082171493b02cbff6ceb0682b39", "key": "title"}, {"hash": "b26bc09f48bd4c6f27c6c8a51034a6b0", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "76c2474f1a815d673619b7d75c4c9dee", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e0adfd774461e5a04f1ac8b51821cbc1", "key": "cpe"}, {"hash": "074f696e327308d7d744517850811d18", "key": "href"}, {"hash": "d53bdb3e6f3122e7e292557f98104c59", "key": "description"}, {"hash": "edb806d2e9e3a0c722d0bdd657d36904", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4283", "id": "CVE-2007-4283", "lastseen": "2017-07-29T11:22:11", "modified": "2017-07-28T21:32:49", "objectVersion": "1.3", "published": "2007-08-09T17:17:00", "references": ["http://securityreason.com/securityalert/2989", "http://www.securityfocus.com/archive/1/archive/1/476015/100/0/threaded", "http://www.securityfocus.com/bid/25243", "http://www.securityfocus.com/archive/1/archive/1/475866/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-4283", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-29T11:22:11"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:coppermine:coppermine_photo_gallery:1.3.1"], "cvelist": ["CVE-2007-4283"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.", "edition": 1, "enchantments": {}, "hash": "5b09aa49a6af8b88bb4f31a14c5bbbb7bf3b0407984f61b86c321e3a2cada7df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "9eaa5082171493b02cbff6ceb0682b39", "key": "title"}, {"hash": "b190556016b7e5ad86f248c3270a29c7", "key": "modified"}, {"hash": "b26bc09f48bd4c6f27c6c8a51034a6b0", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "76c2474f1a815d673619b7d75c4c9dee", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e0adfd774461e5a04f1ac8b51821cbc1", "key": "cpe"}, {"hash": "074f696e327308d7d744517850811d18", "key": "href"}, {"hash": "d53bdb3e6f3122e7e292557f98104c59", "key": "description"}, {"hash": "b5527361470e89afacfd4fab26d15b85", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4283", "id": "CVE-2007-4283", "lastseen": "2016-09-03T09:20:16", "modified": "2008-11-15T01:56:28", "objectVersion": "1.2", "published": "2007-08-09T17:17:00", "references": ["http://xforce.iss.net/xforce/xfdb/35884", "http://securityreason.com/securityalert/2989", "http://www.securityfocus.com/archive/1/archive/1/476015/100/0/threaded", "http://www.securityfocus.com/bid/25243", "http://www.securityfocus.com/archive/1/archive/1/475866/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-4283", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:20:16"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e0adfd774461e5a04f1ac8b51821cbc1"}, {"key": "cvelist", "hash": "76c2474f1a815d673619b7d75c4c9dee"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "d53bdb3e6f3122e7e292557f98104c59"}, {"key": "href", "hash": "074f696e327308d7d744517850811d18"}, {"key": "modified", "hash": "ceadb136fee40e43baa8cd04f54dd8cf"}, {"key": "published", "hash": "b26bc09f48bd4c6f27c6c8a51034a6b0"}, {"key": "references", "hash": "55fbf16bddd45e6c03d69db14fba535a"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "9eaa5082171493b02cbff6ceb0682b39"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "7abc00b1484e20a90bc35f83b8f046e4eba5fcbedd520a4d52394e0140e945d1", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-10-16T10:51:37"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:30463"]}, {"type": "osvdb", "idList": ["OSVDB:38710"]}], "modified": "2018-10-16T10:51:37"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:coppermine:coppermine_photo_gallery:1.3.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"exploitdb": [{"lastseen": "2016-02-03T12:25:14", "bulletinFamily": "exploit", "description": "Coppermine Photo Gallery 1.3/1.4 YABBSE.INC.PHP Remote File Include Vulnerability. CVE-2007-4283. Webapps exploit for php platform", "modified": "2007-08-08T00:00:00", "published": "2007-08-08T00:00:00", "id": "EDB-ID:30463", "href": "https://www.exploit-db.com/exploits/30463/", "type": "exploitdb", "title": "Coppermine Photo Gallery 1.3/1.4 YABBSE.INC.PHP Remote File Include Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/25243/info\r\n\r\nCoppermine Photo Gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n\r\nExploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n\r\nCoppermine 1.3.1 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/path/bridge/yabbse.inc.php?sourcedir=[Sh3LL] ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30463/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp://[target]/[path]/bridge/yabbse.inc.php?sourcedir=[Sh3LL]\n## References:\nOther Advisory URL: http://securityreason.com/securityalert/2989\nISS X-Force ID: 35884\n[CVE-2007-4283](https://vulners.com/cve/CVE-2007-4283)\nBugtraq ID: 25243\n", "modified": "2007-08-08T00:00:00", "published": "2007-08-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:38710", "id": "OSVDB:38710", "title": "Coppermine Photo Gallery bridge/yabbse.inc.php sourcedir Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
