VID 21295
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The Coppermine Photo Gallery installed on the Web server is affected by multiple vulnerabilities.
Coppermine Photo Gallery, developed by Gregory Demar, is a freely available PHP-based image gallery script that uses a MySQL backend database. Several vulnerabilities were reported in Coppermine Photo Gallery versions 1.2.2b and 1.2.0 RC4. A remote attacker can execute arbitrary PHP code on the target system, conduct cross-site scripting attacks, and determine the installation path. A remote attacker with PHP-Nuke administrative privileges can also execute arbitrary shell commands on the system.

* References:
http://secunia.com/advisories/11524/
http://www.securitytracker.com/alerts/2004/Apr/1010001.html

* Platforms Affected:
Gregory Demar, Coppermine Photo Gallery 1.2.0 RC4
Gregory Demar, Coppermine Photo Gallery 1.2.2b
Microsoft Windows Any version
Unix Any version
Recommendation No patch or upgrade available as of June 2014.
Related URL CVE-2004-1985,CVE-2004-1986,CVE-2004-1987,CVE-2004-1988,CVE-2004-1989 (CVE)
Related URL 10253 (SecurityFocus)
Related URL 16039,16040,16041,16042,16043 (ISS)