Coppermine Gallery < 1.1 beta 3 SQL Injection (deprecated)
High Nessus Network Monitor Plugin ID 1553
SynopsisThe remote web server contains a script which is vulnerable to a SQL injection attack.
DescriptionThe remote host is running CopperMine Gallery, a set of PHP scripts to handle galleries of pictures. There is a flaw in the version of Coppermine Gallery which is used by the remote host, which may allow an attacker to do a SQL injection attack, which would allow the viewing of arbitrary pictures or even to gain administrative access on this database.
SolutionUpgrade to Coppermine Gallery 1.1 beta 3 or higher.