CVE-2008-0506

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.

Published: Jan 31, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0506
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
coppermine / coppermine_photo_gallery	-	1.4.14.x

http://coppermine-gallery.net/forum/index.php?topic=50103.0
http://secunia.com/advisories/28682
http://www.securityfocus.com/archive/1/487310/100/200/threaded
http://www.securityfocus.com/bid/27512
http://www.securitytracker.com/id?1019286
http://www.vupen.com/english/advisories/2008/0367
http://www.waraxe.us/advisory-65.html
https://www.exploit-db.com/exploits/5019

Vulnerability Database

289,784

CVE-2008-0506