FreeBSD : coppermine -- Multiple vulnerabilities (6dd5e45c-f084-11e1-8d0f-406186f3d89d)
Medium Nessus Plugin ID 61743
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe Coppermine Team reports :
The release covers several path disclosure vulnerabilities. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.
Furthermore, the release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines under certain conditions.
SolutionUpdate the affected package.