CVE-2007-0115 in Photo Galleryinfo

Summary

by MITRE

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 10/03/2017

The CVE-2007-0115 vulnerability represents a critical static code injection flaw within the Coppermine Photo Gallery version 1.4.10 and earlier systems. This vulnerability specifically targets authenticated administrator accounts and exploits a fundamental weakness in how the application handles user input within error message generation processes. The flaw exists in the interaction between multiple components including the login.php script, security.log.php error handling mechanism, and the viewlog.php interface that allows access to logged security events.

The technical exploitation of this vulnerability occurs through a carefully crafted username parameter that gets processed through the login system and subsequently injected into error messages stored within the security.log.php file. When an administrator accesses the viewlog.php interface to review security logs, the maliciously crafted username data is rendered within the error message context, creating an environment where arbitrary PHP code execution becomes possible. This represents a classic server-side request forgery scenario where user input intended for authentication purposes is improperly sanitized and later executed within the web application's context.

The operational impact of this vulnerability is severe as it allows authenticated administrators to escalate their privileges and execute arbitrary code on the target system. The attack vector requires only a valid administrator account, making it particularly dangerous in environments where administrative credentials might be compromised or where the application is accessible to untrusted users. The vulnerability directly violates the principle of least privilege and demonstrates poor input validation practices that enable code injection attacks. This flaw aligns with CWE-94, which specifically addresses "Improper Control of Generation of Code ('Code Injection')" and can be mapped to ATT&CK technique T1059.001 for "Command and Scripting Interpreter: PowerShell" or similar execution techniques.

The attack chain begins with an authenticated administrator accessing the login functionality with malicious input, proceeds through the error message generation process, and concludes when the compromised log file is viewed through the administrative interface. This vulnerability underscores the importance of proper input sanitization and output encoding throughout all application layers, particularly in error handling and logging mechanisms where user-supplied data may be displayed. Organizations should implement comprehensive input validation, utilize parameterized queries, and ensure proper context-aware output encoding to prevent similar vulnerabilities from being exploited. The vulnerability also highlights the need for regular security assessments and code reviews to identify potential injection points within web applications that may not be immediately obvious during initial development phases.

Reservation

01/08/2007

Disclosure

01/08/2007

Moderation

accepted

Entry

VDB-34277

CPE

ready

EPSS

0.01087

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!