CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.6%
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
Vendor | Product | Version | CPE |
---|---|---|---|
coppermine | coppermine_photo_gallery | * | cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:* |
coppermine-gallery.net/forum/index.php?topic=50103.0
secunia.com/advisories/28682
www.securityfocus.com/archive/1/487310/100/200/threaded
www.securityfocus.com/bid/27512
www.securitytracker.com/id?1019286
www.vupen.com/english/advisories/2008/0367
www.waraxe.us/advisory-65.html
www.exploit-db.com/exploits/5019