FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-4976

This CVE name corresponds to:

Entered Topic
2007-09-20 coppermine -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-4976
Phase Assigned(20070919)

Description

Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.

References

Source Reference
BUGTRAQ 20070917 Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion
CONFIRM http://coppermine-gallery.net/forum/index.php?topic=46847.0
BID 25698
VUPEN ADV-2007-3194
OSVDB 37101
SECTRACK 1018704
SECUNIA 26843
SREASON 3152
XF coppermine-viewlog-file-include(36660)