More possible issues in Coppermine Gallery ... More possible issues in Coppermine Gallery ...
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

More possible issues in Coppermine Gallery ...

Started by tuxsoul, June 23, 2006, 11:50:25 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

tuxsoul

Hi, how ever i can show this report's that see in the web:

ORIGINAL ADVISORY:
http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html
VENDOR INFORMED
������-Summary�����-
Software: CPG Coppermine Photo Gallery
Sowtware�s Web Site: http://coppermine.sourceforge.net/
Versions: 1.4.8.stable
Class: Remote
Status: Unpatched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level: Mediume
������Description�����
Coppermine Photo Gallery has a logical design fault that will result to bypassing anti-XSS-Injection�RegGlobal-System.


SEE ORIGINAL ADVISORY FOR MORE DETAILES


How ever thank's to dev team for check and fix's this possibles issues :-D
¿do you like my comment?, gift me one bitcoin: 1266FWznbEW1uLNPsLU9ATBxGuM1U19thB
bitcoin pay forward project: 15pjRCNT2CpzVo7HQ6b6r4q18Vv4Da7y9K

Paver

As the advisory you posted clearly says: "VENDOR INFORMED" (the vendor is the Coppermine dev team).  The dev team is on top of this.  "imei" was very kind to contact us personally about these issues.

Abbas Ali

Chief Geek at Ranium Systems