CVE-2006-6123 - OpenCVE

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Coppermine	Coppermine Photo Gallery

Configuration 1 [-]

cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8_stable:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html
http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html
http://secunia.com/advisories/20597	Vendor Advisory
http://securityreason.com/securityalert/1914
http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133
http://www.osvdb.org/27618
https://exchange.xforce.ibmcloud.com/vulnerabilities/27376

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-26T23:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2006-11-26T00:00:00

Link: CVE-2006-6123

JSON object: View

NVD Information

Status : Modified

Published: 2006-11-26T23:07:00.000

Modified: 2017-07-29T01:29:20.343

Link: CVE-2006-6123

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27618", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27618"}, {"name": "1914", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1914"}, {"name": "20060623 [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"}, {"tags": ["x_refsource_MISC"], "url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"}, {"name": "20597", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20597"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133"}, {"name": "coppermine-init-security-bypass(27376)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6123", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27618", "refsource": "OSVDB", "url": "http://www.osvdb.org/27618"}, {"name": "1914", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1914"}, {"name": "20060623 [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"}, {"name": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"}, {"name": "20597", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20597"}, {"name": "http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133", "refsource": "CONFIRM", "url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133"}, {"name": "coppermine-init-security-bypass(27376)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6123", "datePublished": "2006-11-26T23:00:00", "dateReserved": "2006-11-26T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8_stable:*:*:*:*:*:*:*", "matchCriteriaId": "51EBE501-3EA4-4F88-83C1-05F2198B6E9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected."}, {"lang": "es", "value": "Coppermine Photo Gallery (CPG) 1.4.8 estable, con register_globals activado, permiet a un atacante remoto evitar la protecci\u00f3n XSS y asignar variables de su elecci\u00f3n a trav\u00e9s de una cadena de consulta que provoca que la variable se defina en un espacio global, con los separadores _GET, _REQUEST, u otros par\u00e1metros cr\u00edticos, el cual son desasignados por el esquema de protecci\u00f3n y previenen que la variable original pueda ser detectada."}], "id": "CVE-2006-6123", "lastModified": "2017-07-29T01:29:20.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-26T23:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"}, {"source": "cve@mitre.org", "url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20597"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1914"}, {"source": "cve@mitre.org", "url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27618"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}