New posible SQL injection in 4.10 last version coppermine .... New posible SQL injection in 4.10 last version coppermine ....
 

News:

CPG Release 1.6.27
change DB IP storage fields to accommodate IPv6 addresses
remove use of E_STRICT (PHP 8.4 deprecated)
update README to reflect new website
align code with new .com CPG website
correct deprecation in captcha

Main Menu

New posible SQL injection in 4.10 last version coppermine ....

Started by tuxsoul, January 06, 2007, 01:33:07 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

tuxsoul

January 06, 2007, 01:33:07 AM
Hi, checkin in de bugtracks system, i see this exploid to use in coppermine gallery, can the developers check this exploid please ?

http://www.securityfocus.com/archive/1/456051/30/0/threaded

greetings sorry my english is bad  :P
¿do you like my comment?, gift me one bitcoin: 1266FWznbEW1uLNPsLU9ATBxGuM1U19thB
bitcoin pay forward project: 15pjRCNT2CpzVo7HQ6b6r4q18Vv4Da7y9K

Nibbler

#1
January 06, 2007, 01:46:12 AM
The SQL vulnerability can only be exploited by those who already have an admin account. It poses little danger.

Tarique Sani

#2
January 06, 2007, 07:54:18 AM
+1 to what Nibbler said, no immediate threat but will be fixed in future versions
SANIsoft PHP applications for E Biz
Print
Go Up Pages1
User actions