CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-1989

HIGH
7.5
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile34.78th
Published2004年4月30日
Last Modified2026年4月16日

Vulnerability Description

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.

Affected Platforms (CPE)

📦
Coppermine

Coppermine Photo Gallery

= 1.0_rc3
📦
Coppermine

Coppermine Photo Gallery

= 1.1_.0
📦
Coppermine

Coppermine Photo Gallery

= 1.1_beta_2
📦
Coppermine

Coppermine Photo Gallery

= 1.2
📦
Coppermine

Coppermine Photo Gallery

= 1.2.1
📦
Coppermine

Coppermine Photo Gallery

= 1.2.2_b
📦
Francisco Burzi

Php Nuke

= 6.9
📦
Francisco Burzi

Php Nuke

= 7.0
📦
Francisco Burzi

Php Nuke

= 7.0_final
📦
Francisco Burzi

Php Nuke

= 7.1
📦
Francisco Burzi

Php Nuke

= 7.2

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=108360247732014&w=2
🔗 http://secunia.com/advisories/11524
🔗 http://securitytracker.com/id?1010001
🔗 http://www.osvdb.org/5912
🔗 http://www.securityfocus.com/bid/10253
🔗 http://www.waraxe.us/index.php?modname=sa&id=26
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/16041
🔗 http://marc.info/?l=bugtraq&m=108360247732014&w=2

関連する脆弱性情報

CVE-2007-141410.0

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary P...

CVE-2004-19887.5

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute a...

CVE-2004-19877.5

picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to ex...

CVE-2005-12257.5

SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the fa...