Signature Detail
Short Name |
HTTP:PHP:COPPERMINE-RCE |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Coppermine Photo Gallery Remote Command Execution |
Release Date |
2011/11/16 |
Update Number |
2031 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Coppermine Photo Gallery Remote Command Execution
This signature detects attempts to exploit a known vulnerability against shell metacharacters in Coppermine Photo Gallery. It is due to insufficient validation of user-supplied input. Malicious users can execute arbitrary shell commands at the same privilege level as the Web server.
Extended Description
Coppermine Photo Gallery is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected application and the underlying server. Versions prior to Coppermine Photo Gallery 1.4.15 are vulnerable to these issues.
Affected Products
- Coppermine Photo Gallery 1.4.10
- Coppermine Photo Gallery 1.4.11
- Coppermine Photo Gallery 1.4.12
- Coppermine Photo Gallery 1.4.13
- Coppermine Photo Gallery 1.4.14
References
- BugTraq: 27512
- CVE: CVE-2008-0506