FreeBSD : coppermine -- Multiple File Extensions Vulnerability (0b628470-e9a6-11da-b9f4-00123ffe8333)
High Nessus Plugin ID 21585
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSecunia reports :
Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload malicious script files inside the web root (e.g. a PHP script).
Successful exploitation may allow execution of script code depending on the HTTP server configuration (it requires e.g. an Apache server with the 'mod_mime' module installed).
SolutionUpdate the affected package.