Ravens PHP Scripts

Coppermine Photo Gallery *aid* SQL Injection Vulnerability
Date: Wednesday, November 01, 2006 @ 01:03:08 CST
Topic: Security


SECUNIA ADVISORY ID: SA22625

VERIFY ADVISORY: http://secunia.com/advisories/22625/

CRITICAL: Less critical

IMPACT: Manipulation of data

WHERE: From remote

SOFTWARE: Coppermine Photo Gallery 1.x - http://secunia.com/product/1427/

DESCRIPTION: w4ck1ng has reported a vulnerability in Coppermine Photo Gallery, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "aid" parameter in picmgr.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.4.9. Other versions may also be affected.

SOLUTION: Update to version 1.4.10.

PROVIDED AND/OR DISCOVERED BY: w4ck1ng

ORIGINAL ADVISORY: http://coppermine-gallery.net/forum/index.php?topic=37895.0
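
The class of flaw described above (a numeric request parameter used in a SQL query without sanitisation) and its usual remedy, shown as an added example. This is not Coppermine's code or the 1.4.10 patch; the `pictures` table, its columns, and all function names are hypothetical, and the sample rows and input value are constructed.

```php
<?php
// Added illustration, not Coppermine's code: table, columns and function
// names are hypothetical. Needs the pdo_sqlite extension.

// Unsafe pattern the advisory describes: the request value is pasted into SQL.
function reset_positions_unsafe(PDO $db, string $aid): int
{
    return $db->exec("UPDATE pictures SET position = 0 WHERE aid = $aid");
}

// Accept only a positive decimal integer; arrays and mixed strings yield null.
function parse_album_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hardened form: validate the type, then bind the value as an integer.
function reset_positions_safe(PDO $db, $rawAid): int
{
    $aid = parse_album_id($rawAid);
    if ($aid === null) {
        throw new InvalidArgumentException('aid must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE pictures SET position = 0 WHERE aid = :aid');
    $stmt->bindValue(':aid', $aid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample data: two pictures in album 1, one in album 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pictures (pid INTEGER PRIMARY KEY, aid INTEGER, position INTEGER)');
$db->exec('INSERT INTO pictures (aid, position) VALUES (1, 5), (1, 6), (2, 7)');

$malformed = '1 OR 1=1'; // constructed non-integer value for the aid parameter

// Concatenation lets the value rewrite the WHERE clause, so album 2 is touched too.
printf("unsafe, aid=%s: %d rows changed\n", $malformed, reset_positions_unsafe($db, $malformed));

// The bound, validated version changes only album 1 and rejects the malformed value.
printf("safe, aid=1: %d rows changed\n", reset_positions_safe($db, '1'));
try {
    reset_positions_safe($db, $malformed);
} catch (InvalidArgumentException $e) {
    printf("safe, aid=%s: rejected (%s)\n", $malformed, $e->getMessage());
}
```

Type validation and parameter binding are independent controls: either one alone stops this input, and applying both keeps the query safe if one of them is later removed or bypassed.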








This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2483