CVE-2007-1414

Name of the Vulnerable Software and Affected Versions Coppermine Photo Gallery (CPG) (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via specific parameters in various PHP files. This can be achieved by manipulating the cmd parameter in image processor.php or picmgmt.inc.php, or the path parameter in include/functions.php, include/plugin api.inc.php, index.php, or pluginmgr.php.

Recommendations For Coppermine Photo Gallery (CPG), consider restricting access to the cmd parameter in image processor.php and picmgmt.inc.php, as well as the path parameter in include/functions.php, include/plugin api.inc.php, index.php, and pluginmgr.php until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.