CVE-2008-0506 Information

Description

include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15 when the ImageMagick picture processing method is configured allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality (2) angle or (3) clipval parameter to picEditor.php.

Reference

http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://secunia.com/advisories/28682 http://www.securityfocus.com/archive/1/487310/100/200/threaded http://www.securityfocus.com/bid/27512 http://www.securitytracker.com/id?1019286 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-65.html https://www.exploit-db.com/exploits/5019