Text only | Text with Images

coppermine-gallery.com/forum

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: tuxsoul on January 06, 2007, 01:33:07 AM

Title: New posible SQL injection in 4.10 last version coppermine ....
Post by: tuxsoul on January 06, 2007, 01:33:07 AM
Hi, checkin in de bugtracks system, i see this exploid to use in coppermine gallery, can the developers check this exploid please ?

http://www.securityfocus.com/archive/1/456051/30/0/threaded (http://www.securityfocus.com/archive/1/456051/30/0/threaded)

greetings sorry my english is bad  :P
Title: Re: New posible SQL injection in 4.10 last version coppermine ....
Post by: Nibbler on January 06, 2007, 01:46:12 AM
The SQL vulnerability can only be exploited by those who already have an admin account. It poses little danger.
Title: Re: New posible SQL injection in 4.10 last version coppermine ....
Post by: Tarique Sani on January 06, 2007, 07:54:18 AM
+1 to what Nibbler said, no immediate threat but will be fixed in future versions
Text only | Text with Images