vendor:
Coppermine Photo Gallery
by:
rgod
7.5
CVSS
HIGH
Arbitrary Local Inclusion
94
CWE
Product Name: Coppermine Photo Gallery
Affected Version From: 1.4.2003
Affected Version To: 1.4.2003
Patch Exists: YES
Related CWE: N/A
CPE: a:coppermine:coppermine_photo_gallery
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Apache
2005
Coppermine Photo Gallery <= 1.4.3 remote commands execution
This exploit allows an attacker to execute arbitrary commands on a vulnerable Coppermine Photo Gallery version 1.4.3 or lower. The exploit works by uploading a malicious .zip file with php code inside a personal album folder and then including it. After the first run, if successful, the attacker can launch commands manually.
Mitigation:
Upgrade to the latest version of Coppermine Photo Gallery.