Описание
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-0506
- https://www.exploit-db.com/exploits/5019
- http://coppermine-gallery.net/forum/index.php?topic=50103.0
- http://secunia.com/advisories/28682
- http://www.securityfocus.com/archive/1/487310/100/200/threaded
- http://www.securityfocus.com/bid/27512
- http://www.securitytracker.com/id?1019286
- http://www.vupen.com/english/advisories/2008/0367
- http://www.waraxe.us/advisory-65.html
Связанные уязвимости
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.