CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1414

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile9.26th
PublishedMar 12, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.

Affected Platforms (CPE)

πŸ“¦
Coppermine

Coppermine Photo Gallery

All versions

References & Advisories

πŸ”— http://securityreason.com/securityalert/2416
πŸ”— http://www.osvdb.org/35065
πŸ”— http://www.osvdb.org/35066
πŸ”— http://www.osvdb.org/35067
πŸ”— http://www.osvdb.org/35068
πŸ”— http://www.osvdb.org/35069
πŸ”— http://www.osvdb.org/35070
πŸ”— http://www.securityfocus.com/archive/1/462322/100/0/threaded

Related Vulnerabilities

CVE-2004-19897.5

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitra...

CVE-2004-19887.5

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute a...

CVE-2004-19877.5

picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to ex...

CVE-2005-12257.5

SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the fa...