CVE-2006-6123 - OpenCVE

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Coppermine	Coppermine Photo Gallery

Configuration 1 [-]

cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8_stable:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html
http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html
http://secunia.com/advisories/20597
http://securityreason.com/securityalert/1914
http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133
http://www.osvdb.org/27618
https://exchange.xforce.ibmcloud.com/vulnerabilities/27376

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-26T23:00:00

Updated: 2024-08-07T20:12:31.771Z

Reserved: 2006-11-26T00:00:00

Link: CVE-2006-6123

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-26T23:07:00.000

Modified: 2017-07-29T01:29:20.343

Link: CVE-2006-6123

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27618", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27618"}, {"name": "1914", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1914"}, {"name": "20060623 [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"}, {"tags": ["x_refsource_MISC"], "url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"}, {"name": "20597", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20597"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133"}, {"name": "coppermine-init-security-bypass(27376)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6123", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27618", "refsource": "OSVDB", "url": "http://www.osvdb.org/27618"}, {"name": "1914", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1914"}, {"name": "20060623 [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"}, {"name": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"}, {"name": "20597", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20597"}, {"name": "http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133", "refsource": "CONFIRM", "url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133"}, {"name": "coppermine-init-security-bypass(27376)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.771Z"}, "title": "CVE Program Container", "references": [{"name": "27618", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27618"}, {"name": "1914", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1914"}, {"name": "20060623 [KAPDA]Coppermine 1.4.8~Parameter Cleanup System ByPass~Registering Global Varables", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"}, {"name": "20597", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20597"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133"}, {"name": "coppermine-init-security-bypass(27376)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6123", "datePublished": "2006-11-26T23:00:00", "dateReserved": "2006-11-26T00:00:00", "dateUpdated": "2024-08-07T20:12:31.771Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8_stable:*:*:*:*:*:*:*", "matchCriteriaId": "51EBE501-3EA4-4F88-83C1-05F2198B6E9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected."}, {"lang": "es", "value": "Coppermine Photo Gallery (CPG) 1.4.8 estable, con register_globals activado, permiet a un atacante remoto evitar la protecci\u00f3n XSS y asignar variables de su elecci\u00f3n a trav\u00e9s de una cadena de consulta que provoca que la variable se defina en un espacio global, con los separadores _GET, _REQUEST, u otros par\u00e1metros cr\u00edticos, el cual son desasignados por el esquema de protecci\u00f3n y previenen que la variable original pueda ser detectada."}], "id": "CVE-2006-6123", "lastModified": "2017-07-29T01:29:20.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-26T23:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0482.html"}, {"source": "cve@mitre.org", "url": "http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20597"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1914"}, {"source": "cve@mitre.org", "url": "http://svn.sourceforge.net/viewvc/coppermine?view=rev&revision=3133"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27618"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27376"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}