CVE-2007-0115 — Static Code Injection in Photo Gallery

5 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

1.1%

top 21.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Coppermine Photo Gallery

Timeline

PublishedJan 9

Latest updateMay 1

Description

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

▶NVDcoppermine/coppermine_photo_gallery1.4.10

🔴Vulnerability Details

GHSA

GHSA-58jh-xg7h-mj6f: Static code injection vulnerability in Coppermine Photo Gallery 1↗2022-05-01

▶

CVEList

CVE-2007-0115: Static code injection vulnerability in Coppermine Photo Gallery 1↗2007-01-09

▶

💬Community

Bugzilla

CVE-2007-6337 clamav: undocumented bzlib issue↗2007-12-20

▶

Bugzilla

CVE-2007-6336 clamav: off-by-one in the MS-ZIP decompression code↗2007-12-20

▶