2 matches found
FreeBSD : coppermine -- multiple vulnerabilities (12488805-6773-11dc-8be8-02e0185f8d72)
The coppermine development team reports two vulnerabilities with the coppermine application. These vulnerabilities are caused by improper checking of the log variable in 'viewlog.php' and improper checking of the referer variable in 'mode.php'. This could allow local file inclusion, potentially...
CVE-2007-4976
CVE-2007-4976 involves a directory traversal in Coppermine Photo Gallery (CPG) prior to or including 1.4.12. The flaw is in viewlog.php: an unsafely handled log parameter can be exploited to include and execute arbitrary local files by using ".." (dot dot). The vulnerability requires authenticati...