Coppermine Gallery < 1.3.4 displayimage.php HTML Injection (deprecated)
Medium Nessus Network Monitor Plugin ID 3178
Synopsis: The remote host is vulnerable to an HTML injection attack.
Description: The remote host is running Coppermine Gallery, a set of PHP scripts to handle galleries of pictures. There is an injection flaw in this version of Coppermine Gallery. Specifically, the 'displayimage.php' script does not properly sanitize user-supplied images prior to rendering. An attacker exploiting this flaw can run arbitrary code within the browser of unsuspecting users.
Solution: Upgrade to version 1.3.4 or higher.