forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: tuxsoul on June 23, 2006, 11:50:25 pm

Title: More possible issues in Coppermine Gallery ...
Post by: tuxsoul on June 23, 2006, 11:50:25 pm
Hi, however I can show this report that I saw on the web:

ORIGINAL ADVISORY:
http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html
VENDOR INFORMED
------ Summary ------
Software: CPG Coppermine Photo Gallery
Software's Web Site: http://coppermine.sourceforge.net/
Versions: 1.4.8.stable
Class: Remote
Status: Unpatched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level: Medium
------ Description ------
Coppermine Photo Gallery has a logical design fault that will result in bypassing the anti-XSS-Injection-RegGlobal-System.


SEE ORIGINAL ADVISORY FOR MORE DETAILS


However, thanks to the dev team for checking and fixing these possible issues :-D
Title: Re: More possible issues in Coppermine Gallery ...
Post by: Paver on June 24, 2006, 03:28:32 am
As the advisory you posted clearly says: "VENDOR INFORMED" (the vendor is the Coppermine dev team).  The dev team is on top of this.  "imei" was very kind to contact us personally about these issues.
Title: Re: More possible issues in Coppermine Gallery ...
Post by: Abbas Ali on June 24, 2006, 08:05:04 am
And now this has been fixed in SVN.