CVE-2008-0506

{"id": "CVE-2008-0506", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-01-31T20:00:00.000", "references": [{"url": "http://coppermine-gallery.net/forum/index.php?topic=50103.0", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28682", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/487310/100/200/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27512", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019286", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0367", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.waraxe.us/advisory-65.html", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5019", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php."}, {"lang": "es", "value": "El archivo include/imageObjectIM.class.php en Coppermine Photo Gallery (CPG) versiones anteriores a 1.4.15, cuando el m\u00e9todo de procesamiento de im\u00e1genes de ImageMagick es configurado, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el par\u00e1metro (1) quality, (2) angle o (3) clipval en el archivo picEditor.php."}], "lastModified": "2018-10-15T22:00:57.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95F6AC5A-EA42-4B35-891A-C42527F29C67", "versionEndIncluding": "1.4.14"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}