Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0506 — Improper Input Validation in Photo Gallery

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

88.4%

top 0.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Coppermine Photo Gallery

Timeline

PublishedJan 31

Latest updateMay 1

Description

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDcoppermine/coppermine_photo_gallery1.4.14

Patches

Patch: coppermine-gallery.net ↗Patch: www.securityfocus.com ↗Patch: coppermine-gallery.net ↗

🔴Vulnerability Details

GHSA

GHSA-8234-r487-52gh: include/imageObjectIM↗2022-05-01

▶

CVEList

CVE-2008-0506: include/imageObjectIM↗2008-01-31

▶

💥Exploits & PoCs

Exploit-DB

Coppermine Photo Gallery 1.4.14 - 'picEditor.php' Command Execution (Metasploit)↗2010-07-03

▶