HTTP: Coppermine Photo Gallery Remote Command Execution
This signature detects attempts to exploit a known vulnerability against shell metacharacters in Coppermine Photo Gallery. It is due to insufficient validation of user-supplied input. Malicious users can execute arbitrary shell commands at the same privilege level as the Web server.
Extended Description
Coppermine Photo Gallery is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected application and the underlying server. Versions prior to Coppermine Photo Gallery 1.4.15 are vulnerable to these issues.
Affected Products
Coppermine photo_gallery
References
BugTraq: 27512
CVE: CVE-2008-0506
URL: http://forum.coppermine-gallery.net/index.php?topic=50103.0
Short Name
HTTP:PHP:COPPERMINE-RCE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2008-0506 Command Coppermine Execution Gallery Photo Remote bid:27512
Release Date
11/16/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Coppermine
CVSS Score
6.8