CVE-2006-6123
Published: 2006-11-26
CVE-2006-6123: Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a…
Priority: P4 · 14 · low · 2.6 · CVSS 2.0
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS: 1.34% (67.7th percentile)
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coppermine | coppermine_photo_gallery | — | — |
VulDB
Coppermine Photo Gallery 1.4.8 init.inc.php original cross site scripting (XFDB-27376 / SA20597)
vuldb·2026-04-29·CVSS 2.6
CVE-2006-6123 [LOW] Coppermine Photo Gallery 1.4.8 init.inc.php original cross site scripting (XFDB-27376 / SA20597)
A vulnerability has been found in Coppermine Photo Gallery 1.4.8 and classified as problematic. This impacts an unknown function of the file init.inc.php. The manipulation of the argument original leads to basic cross site scripting.
This vulnerability is traded as CVE-2006-6123. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
GHSA
GHSA-wpc6-vfm5-8g65: Coppermine Photo Gallery (CPG) 1
ghsa_unreviewed·2022-05-01
CVE-2006-6123 [LOW] GHSA-wpc6-vfm5-8g65: Coppermine Photo Gallery (CPG) 1
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html
http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html
http://secunia.com/advisories/20597
http://securityreason.com/securityalert/1914
http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133
http://www.osvdb.org/27618
https://exchange.xforce.ibmcloud.com/vulnerabilities/27376
Published: 2006-11-26