Coppermine Photo Gallery Multiple Vulnerabilities

Posted on Tuesday, May 19, 2009 @ 17:25:49 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA35144

VERIFY ADVISORY: http://secunia.com/advisories/35144/

CRITICAL: Moderately Critical

DESCRIPTION: girex has discovered some vulnerabilities in Coppermine Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks, disclose sensitive information, or potentially compromise a vulnerable system. The vulnerabilities are confirmed in version 1.4.22. Other versions may also be affected.

1) Input passed via the "GLOBALS[cat]" parameter in thumbnails.php (if "album" is set to "alpha") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled and "register_globals" is enabled.

2) Input passed to the "GLOBALS[USER][lang]" parameter is not properly sanitised before being used to includes files. This can be exploited to include arbitrary files from local resources via a specially crafted request containing directory traversal sequences and a URL-encoded NULL byte. Successful exploitation allows execution of arbitrary PHP code, but requires privileges to upload files, and that "magic_quotes_gpc" is disabled and "register_globals" is enabled.

SOLUTION: Set "magic_quotes_gpc" to "On" and "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY: girex

ORIGINAL ADVISORY: http://milw0rm.com/exploits/8713
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 352,708,312
  • Today: 16,950
Server InfoServer Info
  • Apr 21, 2018
  • 06:02 am PDT
 
 

Daily Inspiration