CVE-2007-0115
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/01/2007
Last modified:
09/04/2025
Description
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
Impact
Base Score 2.0
6.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:* | 1.4.10 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://acid-root.new.fr/poc/19070104.txt
- http://osvdb.org/33383
- http://securityreason.com/securityalert/2107
- http://www.attrition.org/pipermail/vim/2007-January/001218.html
- http://www.securityfocus.com/archive/1/456051/100/0/threaded
- http://acid-root.new.fr/poc/19070104.txt
- http://osvdb.org/33383
- http://securityreason.com/securityalert/2107
- http://www.attrition.org/pipermail/vim/2007-January/001218.html
- http://www.securityfocus.com/archive/1/456051/100/0/threaded