Vulnerability Description
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coppermine | Coppermine Photo Gallery | <= 1.4.10 |
References
- http://osvdb.org/33094
- http://secunia.com/advisories/24019Vendor Advisory
- http://www.securityfocus.com/bid/22409
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32233
- http://osvdb.org/33094
- http://secunia.com/advisories/24019Vendor Advisory
- http://www.securityfocus.com/bid/22409
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32233
FAQ
What is CVE-2007-0836?
CVE-2007-0836 is a vulnerability with a CVSS score of 4.0 (MEDIUM). admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" a...
How severe is CVE-2007-0836?
CVE-2007-0836 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0836?
Check the references section above for vendor advisories and patch information. Affected products include: Coppermine Coppermine Photo Gallery.