FreeBSD : coppermine -- multiple vulnerabilities (12488805-6773-11dc-8be8-02e0185f8d72)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The coppermine development team reports two vulnerabilities in the
coppermine application. They are caused by improper checking of the
log variable in 'viewlog.php' and improper checking of the referer
variable in 'mode.php'. These flaws could allow local file inclusion,
potentially disclosing valuable information, and could let an attacker
conduct a cross-site scripting attack against the targeted site.

See also :

http://coppermine-gallery.net/forum/index.php?topic=46847.0
http://www.nessus.org/u?51079ba6

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 26084 (freebsd_pkg_12488805677311dc8be802e0185f8d72.nasl)

Bugtraq ID:

CVE ID: CVE-2007-4976, CVE-2007-4977
