FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

coppermine -- multiple vulnerabilities

Affected packages
coppermine < 1.4.13

Details

VuXML ID 12488805-6773-11dc-8be8-02e0185f8d72
Discovery 2007-09-14
Entry 2007-09-20
Modified 2010-05-12

The coppermine development team reports two vulnerabilities in the coppermine application. They are caused by improper checking of the log variable in "viewlog.php" and improper checking of the referer variable in "mode.php". These flaws could allow local file inclusion, potentially disclosing valuable information, and could allow an attacker to conduct a cross-site scripting attack against the targeted site.

References

CVE Name CVE-2007-4976
CVE Name CVE-2007-4977
URL http://coppermine-gallery.net/forum/index.php?topic=46847.0