Coppermine Gallery < 1.1 beta 3 SQL Injection (deprecated)

Nessus Network Monitor Plugin ID 1553 (Severity: High)

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host is running Coppermine Gallery, a set of PHP scripts for managing picture galleries. The version of Coppermine Gallery used by the remote host contains a flaw that may allow an attacker to perform a SQL injection attack, which would allow the viewing of arbitrary pictures or even gaining administrative access to the database.

Solution

Upgrade to Coppermine Gallery 1.1 beta 3 or higher.

Plugin Details

Severity: High

ID: 1553

Family: CGI

Published: 8/18/2004

Updated: 1/15/2016