CVE-2007-0835

Name of the Vulnerable Software and Affected Versions: Coppermine Photo Gallery version 1.4.10

Description: The issue allows remote authenticated users to execute arbitrary shell commands. This is achieved by injecting shell metacharacters, such as a semicolon (;), into the Command line options for ImageMagick form field. The vulnerability is exploited when this field is used as an option to ImageMagick's convert command.

Recommendations: For Coppermine Photo Gallery version 1.4.10, consider restricting access to the admin.php file and the Command line options for ImageMagick form field to minimize the risk of exploitation. As a temporary workaround, avoid using the semicolon (;) character in the Command line options for ImageMagick form field until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.