Coppermine < 1.4.20 'img_dir' Arbitrary File Upload
Severity: High
Nessus Network Monitor Plugin ID 4847
Synopsis
The remote host is affected by a file upload vulnerability.
Description
The remote host is running Coppermine.
This version of Coppermine is affected by a file upload vulnerability caused by a flaw in the way the program parses data sent to the 'img_dir' parameter of the 'picEditor.php' script. An attacker exploiting this flaw would be able to upload arbitrary files to the 'album' subdirectory.
Solution
Upgrade to version 1.4.20 or higher.