CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1987

HIGH
7.5
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile6.85th
PublishedApr 30, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.

Affected Platforms (CPE)

πŸ“¦
Coppermine

Coppermine Photo Gallery

= 1.0_rc3
πŸ“¦
Coppermine

Coppermine Photo Gallery

= 1.1_.0
πŸ“¦
Coppermine

Coppermine Photo Gallery

= 1.1_beta_2
πŸ“¦
Coppermine

Coppermine Photo Gallery

= 1.2
πŸ“¦
Coppermine

Coppermine Photo Gallery

= 1.2.1
πŸ“¦
Coppermine

Coppermine Photo Gallery

= 1.2.2_b
πŸ“¦
Francisco Burzi

Php Nuke

= 6.9
πŸ“¦
Francisco Burzi

Php Nuke

= 7.0
πŸ“¦
Francisco Burzi

Php Nuke

= 7.0_final
πŸ“¦
Francisco Burzi

Php Nuke

= 7.1
πŸ“¦
Francisco Burzi

Php Nuke

= 7.2

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=108360247732014&w=2
πŸ”— http://secunia.com/advisories/11524
πŸ”— http://securitytracker.com/id?1010001
πŸ”— http://www.osvdb.org/5759
πŸ”— http://www.securityfocus.com/bid/10253
πŸ”— http://www.waraxe.us/index.php?modname=sa&id=26
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/16043
πŸ”— http://marc.info/?l=bugtraq&m=108360247732014&w=2

Related Vulnerabilities

CVE-2007-141410.0

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary P...

CVE-2004-19897.5

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitra...

CVE-2004-19887.5

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute a...

CVE-2005-12257.5

SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the fa...