xisto Community
jlhaslip

Coppermine Photo Gallery - Security Alert For members using this script


As reported:

TITLE: Coppermine Photo Gallery Multiple File Extensions Vulnerability

SECUNIA ADVISORY ID:
SA20211

VERIFY ADVISORY:
http://secunia.com/advisories/20211/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Coppermine Photo Gallery 1.x
http://secunia.com/community/

DESCRIPTION:
A vulnerability has been reported in Coppermine Photo Gallery, which
can be exploited by malicious users to compromise a vulnerable
system.

The vulnerability is caused due to an error in the handling of file
uploads where a filename has multiple file extensions. This can be
exploited to upload malicious script files inside the web root (e.g.
a PHP script).

Successful exploitation may allow execution of script code depending
on the HTTP server configuration (it requires e.g. an Apache server
with the "mod_mime" module installed).

The vulnerability has been reported in version 1.4.5. Prior versions
may also be affected.

SOLUTION:
Update to version 1.4.6.
https://sourceforge.net/projects/coppermine/files/

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.


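A defender-side check for the condition the advisory above describes, added here as an example and not part of the original post or of Coppermine: it walks an upload directory and flags file names in which a script extension appears in any dot-separated position, since mod_mime evaluates every extension and not only the last. The extension list, function names and sample file names are assumptions; match the list to the handlers configured on the server being audited.

```python
import os
import sys

# Assumption: extensions the local Apache configuration maps to a script
# handler. Adjust to the AddHandler/AddType lines of the audited server.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "pl", "py", "cgi", "shtml"}

def risky_extensions(filename):
    """Return every script extension found in any position of the name."""
    name = os.path.basename(filename)
    segments = name.split(".")[1:]  # everything after the base name
    return [s.lower() for s in segments if s.lower() in SCRIPT_EXTS]

def classify(filename):
    """Return 'ok', 'script' (final extension is a script extension)
    or 'multi-ext' (script extension hidden before another extension)."""
    if not risky_extensions(filename):
        return "ok"
    last = os.path.basename(filename).rsplit(".", 1)[-1].lower()
    return "script" if last in SCRIPT_EXTS else "multi-ext"

def audit(root):
    """Walk root and return sorted (path, verdict) pairs for flagged files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify(name)
            if verdict != "ok":
                findings.append((os.path.join(dirpath, name), verdict))
    return sorted(findings)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Audit the upload directory given on the command line.
        for path, verdict in audit(sys.argv[1]):
            print(f"{verdict:10} {path}")
    else:
        # Constructed sample names, used when no directory is given.
        for name in ["holiday.jpg", "photo.php.jpg", "notes.tar.gz", "x.PHP.gif"]:
            print(f"{classify(name):10} {name}")
```

Anything reported as `multi-ext` in a directory the web server serves deserves manual review, whether or not the installed gallery version has been updated.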

Thanks for the info, I don't use it, but I have 2 friends that do.
