More possible issues in Coppermine Gallery ...
 


Started by tuxsoul, June 23, 2006, 11:50:25 PM


tuxsoul

Hi, however I can show this report that I saw on the web:

ORIGINAL ADVISORY:
http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html
VENDOR INFORMED
------ Summary ------
Software: CPG Coppermine Photo Gallery
Software's Web Site: http://coppermine.sourceforge.net/
Versions: 1.4.8.stable
Class: Remote
Status: Unpatched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level: Medium
------ Description ------
Coppermine Photo Gallery has a logical design fault that will result in bypassing anti-XSS-Injection-RegGlobal-System.


SEE ORIGINAL ADVISORY FOR MORE DETAILS


However, thanks to the dev team for checking and fixing these possible issues :-D

Paver

As the advisory you posted clearly says: "VENDOR INFORMED" (the vendor is the Coppermine dev team).  The dev team is on top of this.  "imei" was very kind to contact us personally about these issues.

Abbas Ali

Chief Geek at Ranium Systems