ID OSVDB:5759
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-04-29T00:00:00
Description
Vulnerability Description
Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. By supplying specially crafted "impath" or "jpeg_equal" configuration parameters, a remote attacker could execute arbitrary shell commands on the system, resulting in a loss of integrity.
Solution Description
Upgrade to version 1.3beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. By supplying specially crafted "impath" or "jpeg_equal" configuration parameters, a remote attacker could execute arbitrary shell commands on the system, resulting in a loss of integrity.
References:
Vendor URL: http://coppermine.sourceforge.net/
Vendor Specific Solution URL: http://nukephotogallery.com/index.php?name=Downloads&d_op=viewdownloaddetails&lid=39
Vendor Specific Advisory URL: http://coppermine.sourceforge.net/board/index.php?topic=5879.0
Security Tracker: 1010001
Secunia Advisory ID: 11524
Related OSVDB ID: 5757
Related OSVDB ID: 6495
Related OSVDB ID: 6498
Related OSVDB ID: 6499
Related OSVDB ID: 5756
Related OSVDB ID: 6497
Related OSVDB ID: 6500
Related OSVDB ID: 5758
Related OSVDB ID: 5761
Related OSVDB ID: 5912
Related OSVDB ID: 6496
Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=26
Keyword: waraxe-2004-SA#026
ISS X-Force ID: 16043
Bugtraq ID: 10253
Title Coppermine Photo Gallery picmgmtbatch.inc.php Arbitrary Command Execution
Published 2004-04-29T00:00:00
Affected Software
Coppermine Photo Gallery 1.2.0 RC4
Coppermine Photo Gallery 1.2.2b