Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0836 — Photo Gallery vulnerability

4 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

3.0%

top 13.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Coppermine Photo Gallery

Timeline

PublishedFeb 8

Latest updateMay 1

Description

admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcoppermine/coppermine_photo_gallery1.4.10

🔴Vulnerability Details

GHSA

GHSA-fjhh-7wwg-jh75: admin↗2022-05-01

▶

CVEList

CVE-2007-0836: admin↗2007-02-08

▶

💥Exploits & PoCs

Exploit-DB

Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusions↗2007-02-05

▶