FreeBSD : coppermine -- File Inclusion Vulnerabilities (77cceaef-e9a4-11da-b9f4-00123ffe8333)
Medium Nessus Plugin ID 21587
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSecunia reports :
Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people and by malicious users to compromise a vulnerable system.
1) Input passed to the 'lang' parameter in include/init.inc.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. The vulnerability can be further exploited by users who are allowed to upload image files to execute arbitrary PHP code.
2) Input passed to the 'f' parameter in docs/showdoc.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources on the Windows platform, and remote files from Windows shared folders.
SolutionUpdate the affected package.