| VID |
21555 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
Coppermine Photo Gallery version 1.3.2 or earlier was detected on the host. Coppermine Photo Gallery, developed by Gregory Demar, is a freely available PHP-based image gallery script that uses a MySQL backend database. Versions 1.3.2 and earlier could allow a remote attacker to execute arbitrary SQL commands because of multiple vulnerabilities in the 'include/init.inc.php', 'include/functions.inc.php' and 'zipdownload.php' scripts. These vulnerabilities could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* Note: This check relies solely on the version number of the Coppermine Photo Gallery installation on the remote Web server to assess this vulnerability, so the finding might be a false positive.
* References:
  http://archives.neohapsis.com/archives/bugtraq/2005-04/0298.html
  http://www.waraxe.us/advisory-42.html
* Platforms Affected: Gregory Demar, Coppermine Photo Gallery versions 1.3.2 and earlier; any operating system, any version |
| Recommendation |
Upgrade to the latest version of Coppermine Photo Gallery (1.3.3 or later), available from the Coppermine Photo Gallery Web site at http://coppermine.sourceforge.net |
| Related URL |
CVE-2005-1225 (CVE) |
| Related URL |
13287,13289 (SecurityFocus) |
| Related URL |
20205,20208 (ISS) |
|