Title : Coppermine Photo Gallery Multiple Remote File Inclusion Vulnerabilities VUPEN ID : VUPEN/ADV-2006-0669 CVE ID : CVE-2006-0872 - CVE-2006-0873
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-02-20
Technical Description
Two vulnerabilities were identified in Coppermine Photo Gallery, which may be exploited by attackers to execute arbitrary commands. These flaws are due to input validation errors in the "include/init.inc.php" and "docs/showdoc.php" scripts that fail to properly validate the "lang" and "f" parameters, which could be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.
