CVE Vulnerabilities

CVE-2006-6123

Published: Nov 26, 2006 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.

Affected Software

Name Vendor Start Version End Version
Coppermine_photo_gallery Coppermine 1.4.8_stable 1.4.8_stable

References