Coppermine Photo Gallery - Security Alert For members using this script

[jlhaslip 4]

As reported:

TITLE:Coppermine Photo Gallery Multiple File Extensions Vulnerability

SECUNIA ADVISORY ID:
SA20211

VERIFY ADVISORY:
http://secunia.com/advisories/20211/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Coppermine Photo Gallery 1.x
http://secunia.com/community/

DESCRIPTION:
A vulnerability has been reported in Coppermine Photo Gallery, which
can be exploited by malicious users to compromise a vulnerable
system.

The vulnerability is caused due to an error in the handling of file
uploads where a filename has multiple file extensions. This can be
exploited to upload malicious script files inside the web root (e.g.
a PHP script).

Successful exploitation may allow execution of script code depending
on the HTTP server configuration (it requires e.g. an Apache server
with the "mod_mime" module installed).

The vulnerability has been reported in version 1.4.5. Prior versions
may also be affected.

SOLUTION:
Update to version 1.4.6.
https://sourceforge.net/projects/coppermine/files/

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

[Lyon2 0]

Thanks for the info, i don't use it, but i have 2 friends that do.