Vulnerability Assessment & Network Security Forums |
If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.
Coppermine Photo Gallery < 1.3.2 Multiple Vulnerabilities

Checks for version of Coppermine Photo Gallery

Detailed Explanation for this Vulnerability Assessment

Summary :
The remote web server contains a PHP application that is affected by multiple issues.

Description :
According to its version number, the version of Coppermine Photo Gallery installed on the remote host suffers from multiple SQL injection vulnerabilities due to its failure to sanitize user-supplied cookie data before using it in SQL queries in the scripts 'include/functions.inc.php' and 'zipdownload.php'. An attacker may be able to use the first flaw to reveal sensitive data and the second to download any file accessible to the web server user ID on the remote host, although access to 'zipdownload.php' is not enabled by default.

In addition, the application reportedly stores passwords in its database as plaintext. An attacker who successfully exploits one of the SQL injection flaws above is likely to gain control of the affected application easily.

See also :
http://www.waraxe.us/advisory-42.html
http://marc.theaimsgroup.com/?l=bugtraq&m=111402186304179&w=2
http://coppermine-gallery.net/forum/index.php?topic=17134

Solution :
Upgrade to Coppermine Photo Gallery version 1.3.3 or later.

Network Security Threat Level: Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Network Security ID: 13287, 13289

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security