CVE-2007-0115: Code Injection
First published: Tue Jan 09 2007(Updated: )
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Coppermine Coppermine Photo Gallery | <=1.4.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-0115?
CVE-2007-0115 is considered a critical vulnerability due to its ability to allow remote code execution by authenticated users.
How do I fix CVE-2007-0115?
To fix CVE-2007-0115, you should upgrade to Coppermine Photo Gallery version 1.4.11 or later.
What are the potential impacts of CVE-2007-0115?
The potential impacts of CVE-2007-0115 include unauthorized execution of arbitrary PHP code and compromise of the application server.
Who is affected by CVE-2007-0115?
CVE-2007-0115 affects all users of Coppermine Photo Gallery version 1.4.10 and earlier with admin access.
Can CVE-2007-0115 be exploited remotely?
Yes, CVE-2007-0115 can be exploited remotely by authenticated administrators.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/coppermine
- canonical/coppermine coppermine photo gallery
- version/coppermine coppermine photo gallery/1.4.10