Coppermine < 1.4.23 injection
High Nessus Network Monitor Plugin ID 5028
Synopsis
The remote host is vulnerable to a SQL injection attack.
Description
The remote host is running Coppermine.
Coppermine is a web-based photo album written in PHP. This version of Coppermine is vulnerable to SQL injection when handling malformed data sent to the 'thumbnails.php', 'db_input.php', and 'displayecard.php' scripts. An attacker exploiting this flaw would be able to execute arbitrary SQL commands on the database server used by Coppermine.
Solution
When available, upgrade to version 1.4.23 or higher.