Coppermine Gallery < 1.3.4 displayimage.php HTML Injection

Medium

Synopsis

The remote host is vulnerable to an HTML Injection attack.

Description

The remote host is running Coppermine Gallery, a set of PHP scripts for managing picture galleries. This version contains an injection flaw: the 'displayimage.php' script does not properly sanitize user-supplied images prior to rendering. An attacker exploiting this flaw can run arbitrary code within the browser of unsuspecting users.

Solution

Upgrade to version 1.3.4 or higher.