Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Coppermine < 1.4.23 injection



The remote host is vulnerable to a SQL Injection attack


The remote host is running Coppermine.

Coppermine is a web-based photo album written in PHP. This version of Coppermine is vulnerable to a SQL injection vulnerability when handling malformed data sent to the 'thumbnails.php', 'db_input.php', and 'displayecard.php'. An attacker, exploiting this flaw, would be able to execute arbitrary SQL commands on the database server used by Coppermine.


When available, upgrade to version 1.4.23 or higher.