include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
coppermine-gallery.net/forum/index.php?topic=50103.0
secunia.com/advisories/28682
www.securityfocus.com/archive/1/487310/100/200/threaded
www.securityfocus.com/bid/27512
www.securitytracker.com/id?1019286
www.vupen.com/english/advisories/2008/0367
www.waraxe.us/advisory-65.html
www.exploit-db.com/exploits/5019