返回 CVE 浏览器

CVE-2007-1414

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0600%

EPSS Percentile9.26th

Published2007年3月12日

Last Modified2026年4月23日

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.

Affected Platforms (CPE)

📦

Coppermine

Coppermine Photo Gallery

All versions

References & Advisories

🔗 http://securityreason.com/securityalert/2416

🔗 http://www.osvdb.org/35065

🔗 http://www.osvdb.org/35066

🔗 http://www.osvdb.org/35067

🔗 http://www.osvdb.org/35068

🔗 http://www.osvdb.org/35069

🔗 http://www.osvdb.org/35070

🔗 http://www.securityfocus.com/archive/1/462322/100/0/threaded

相关漏洞威胁

CVE-2004-19897.5

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitra...

CVE-2004-19887.5

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute a...

CVE-2004-19877.5

picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to ex...

CVE-2005-12257.5

SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the fa...