
Coppermine < 1.4.20 'img_dir' Arbitrary File Upload

High

Synopsis

The remote host is affected by a file upload vulnerability.

Description

The remote host is running Coppermine.

This version of Coppermine is affected by a file upload vulnerability caused by a flaw in the way the 'picEditor.php' script parses data sent to its 'img_dir' parameter. An attacker who exploits this flaw would be able to upload arbitrary files to the 'album' subdirectory.

Solution

Upgrade to version 1.4.20 or higher.