Topic: More possible issues in Coppermine Gallery ... (Read 3269 times)

tuxsoul · « **on:** June 23, 2006, 11:50:25 pm »

Hi, how ever i can show this report's that see in the web:

ORIGINAL ADVISORY:
http://myimei.com/security/2006-06-20/coppermine-148parameter-cleanup-system-bypassregistering-global-varables.html
VENDOR INFORMED
��-Summary��-
Software: CPG Coppermine Photo Gallery
Sowtware�s Web Site: http://coppermine.sourceforge.net/
Versions: 1.4.8.stable
Class: Remote
Status: Unpatched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level: Mediume
��Description��
Coppermine Photo Gallery has a logical design fault that will result to bypassing anti-XSS-Injection�RegGlobal-System.

SEE ORIGINAL ADVISORY FOR MORE DETAILES

How ever thank's to dev team for check and fix's this possibles issues :-D

Paver · « **Reply #1 on:** June 24, 2006, 03:28:32 am »

As the advisory you posted clearly says: "VENDOR INFORMED" (the vendor is the Coppermine dev team). The dev team is on top of this. "imei" was very kind to contact us personally about these issues.

Abbas Ali · « **Reply #2 on:** June 24, 2006, 08:05:04 am »

And now this has been fixed in SVN.

News:

Author Topic: More possible issues in Coppermine Gallery ... (Read 3269 times)

tuxsoul

More possible issues in Coppermine Gallery ...

Paver

Re: More possible issues in Coppermine Gallery ...

Abbas Ali

Re: More possible issues in Coppermine Gallery ...