Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Coppermine Photo Gallery 认证绕过漏洞
Vulnerability Description
Coppermine Photo Gallery (CPG) 1.4.8 stable版本,当系统启用register_globals时,远程攻击者可通过一个query字符串,使得系统在全域空间内定义变量(带有单独的_GET、_REQUEST或其他关键参数,而这些参数在保护模式中没有设置,且阻止初始变量被侦测到),从而绕过XSS保护并设置任意变量。
CVSS Information
N/A
Vulnerability Type
N/A