TITLE: Coppermine Photo Gallery "add_hit()" SQL Injection
SECUNIA ADVISORY ID: SA20597
VERIFY ADVISORY: http://secunia.com/advisories/20597/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
WHERE: >From remote
SOFTWARE: Coppermine Photo Gallery 1.x
http://secunia.com/product/1427/
DESCRIPTION: imei addmimistrator has discovered two vulnerabilities in Coppermine Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "referer" and "user-agent" HTTP headers isn't properly sanitised before being used in a SQL query in the "add_hit()" function. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc" is disabled and that the "Keep detailed hit statistics" setting is enabled (not enabled by default).
The vulnerabilities have been confirmed in version 1.4.8. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised. Disable the "Keep detailed hit statistics" setting.
PROVIDED AND/OR DISCOVERED BY: imei addmimistrator
ORIGINAL ADVISORY
Coppermine Photo Gallery *add_hit()* SQL InjectionPosted on Tuesday, June 13, 2006 @ 16:04:15 CDT in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
