CVE-2007-0115

Name of the Vulnerable Software and Affected Versions Coppermine Photo Gallery versions 1.4.10 and earlier

Description The issue allows remote authenticated administrators to execute arbitrary PHP code. This is achieved by injecting code into the username variable in the login.php file, which is then stored in an error message in security.log.php. An attacker can access the injected code using viewlog.php.

Recommendations For Coppermine Photo Gallery versions 1.4.10 and earlier, update to a version later than 1.4.10 to resolve the issue. As a temporary workaround, consider restricting access to viewlog.php and security.log.php to minimize the risk of exploitation. Avoid using the username variable in the affected login.php file until the issue is resolved.