CNNVD-202512-2649 Information
CNNVD ID
CNNVD-202512-2649
Related CVE
- CNNVD Published: 2025-12-15
Description (Chinese)
Coppermine Photo Gallery(CPG)是Coppermine团队的一套使用PHP编写的基于Web的相册管理系统。该系统提供用户管理、相册密码访问限制和自动生成缩略图等功能。 Coppermine Photo Gallery 1.6.25版本存在安全漏洞,该漏洞源于插件管理器存在远程代码执行漏洞,可能导致上传恶意PHP文件并执行任意代码。
Description (English)
Coppermine Photto Galery (CPG) is a Web-based album management system developed by the Coppermine team using PHP. The system provides features such as user administration, album password access limits and automatic thumbnail generation. There is a security loophole in version 1.6.25 of Coppermine Photto Gallery, which stems from the remote code enforcement gap in the plugin manager, which could lead to the uploading of malicious PHP files and the implementation of any code.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Coppermine
Published
2025-12-15
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/coppermine-gallery-remote-code-execution-via-plugin-upload https://coppermine-gallery.net/ https://web.archive.org/web/20240101151648/ https://www.exploit-db.com/exploits/51738 https://access.redhat.com/security/cve/cve-2023-53868
Patch
https://github.com/coppermine-gallery/cpg1.6.x/releases
Share on: