PT-2006-6759 · Coppermine · Coppermine Photo Gallery

Imei Addmimistrator · Published 2006-11-26 · Updated 2017-07-29 · CVE-2006-6123

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Coppermine Photo Gallery (CPG) version 1.4.8 stable

Description

The issue allows remote attackers to bypass XSS protection and set arbitrary variables via a query string. This is possible when PHP's register_globals setting is enabled, which causes variables to be defined in the global scope. The protection scheme unsets certain parameters, such as GET, REQUEST, or other critical parameters, which prevents the original variable from being detected.

Recommendations

For Coppermine Photo Gallery (CPG) version 1.4.8 stable, consider disabling the register_globals setting to prevent exploitation of this issue. As a temporary workaround, restrict access to critical parameters, such as GET and REQUEST, to minimize the risk of arbitrary variable setting.

Fix


Related Identifiers

CVE-2006-6123

Affected Products

Coppermine Photo Gallery