CVE-2007-4976 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-4976
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4976

Description: Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36660 ST 1018704 SREASON http://securityreason.com/securityalert/3152 SAID Secunia Advisory: SA26843 OSVDB 37101 CONFIRM http://coppermine-gallery.net/forum/index.php?topic=46847.0 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/479757/100/0/threaded BID 25698

Return to the previous page.