Coppermine Photo Gallery *aid* SQL Injection Vulnerability SECUNIA ADVISORY ID: SA22625
VERIFY ADVISORY: http://secunia.com/advisories/22625/
CRITICAL: Less critical
IMPACT: Manipulation of data
WHERE: >From remote
SOFTWARE: Coppermine Photo Gallery 1.x - http://secunia.com/product/1427/
DESCRIPTION: w4ck1ng has reported a vulnerability in Coppermine Photo Gallery, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "aid" parameter in picmgr.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.4.9. Other versions may also be affected.
SOLUTION: Update to version 1.4.10.
PROVIDED AND/OR DISCOVERED BY: w4ck1ng
ORIGINAL ADVISORY: http://coppermine-gallery.net/forum/index.php?topic=37895.0
Coppermine Photo Gallery *aid* SQL Injection VulnerabilityPosted on Wednesday, November 01, 2006 @ 01:03:08 CST in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
