FreeBSD : coppermine -- Multiple File Extensions Vulnerability (0b628470-e9a6-11da-b9f4-00123ffe8333)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Coppermine Photo Gallery have a vulnerability, which can be exploited
by malicious users to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of file
uploads where a filename has multiple file extensions. This can be
exploited to upload malicious script files inside the web root (e.g. a
PHP script).

Successful exploitation may allow execution of script code depending
on the HTTP server configuration (it requires e.g. an Apache server
with the 'mod_mime' module installed).

See also :

http://www.nessus.org/u?a85fd211
http://www.nessus.org/u?8840704b

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21585 (freebsd_pkg_0b628470e9a611dab9f400123ffe8333.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now