Vulnerability Details CVE-2008-0506
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.884
EPSS Ranking 99.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://coppermine-gallery.net/forum/index.php?topic=50103.0
- http://secunia.com/advisories/28682
- http://www.securityfocus.com/archive/1/487310/100/200/threaded
- http://www.securityfocus.com/bid/27512
- http://www.securitytracker.com/id?1019286
- http://www.vupen.com/english/advisories/2008/0367
- http://www.waraxe.us/advisory-65.html
- https://www.exploit-db.com/exploits/5019
- http://coppermine-gallery.net/forum/index.php?topic=50103.0
- http://secunia.com/advisories/28682
- http://www.securityfocus.com/archive/1/487310/100/200/threaded
- http://www.securityfocus.com/bid/27512
- http://www.securitytracker.com/id?1019286
- http://www.vupen.com/english/advisories/2008/0367
- http://www.waraxe.us/advisory-65.html
- https://www.exploit-db.com/exploits/5019
Products affected by CVE-2008-0506
-
cpe:2.3:a:coppermine:coppermine_photo_gallery:*