FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

coppermine -- Multiple File Extensions Vulnerability

Affected packages
coppermine < 1.4.6

Details

VuXML ID 0b628470-e9a6-11da-b9f4-00123ffe8333
Discovery 2006-05-22
Entry 2006-05-22

Secunia reports:

Coppermine Photo Gallery has a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload malicious script files inside the web root (e.g. a PHP script).

Successful exploitation may allow execution of script code depending on the HTTP server configuration (it requires e.g. an Apache server with the "mod_mime" module installed).
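
One way an upload handler can guard against the multiple-extension handling error described above, as an added PHP example (not Coppermine's code and not the change made in 1.4.6). The function name `safe_upload_name`, the `ALLOWED_EXTENSIONS` list and the sample filenames are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allowlist for an image gallery; adjust to the file types actually served.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/**
 * Return the name to store an upload under, or null if it must be rejected.
 *
 * Apache's mod_mime can act on any extension in a filename, not only the
 * last one, so checking just the final extension is not enough. This check
 * is deliberately strict: exactly one dot, an allowlisted extension, and a
 * server-generated stem so no client-chosen segment reaches the web root.
 */
function safe_upload_name(string $clientName): ?string
{
    // Drop any directory components supplied by the client.
    $base = basename(str_replace('\\', '/', $clientName));

    $segments = explode('.', $base);
    // Require exactly "stem.ext" with both parts non-empty.
    // This rejects "a.php.jpg", "a.jpg.php", ".htaccess" and "a.".
    if (count($segments) !== 2 || $segments[0] === '' || $segments[1] === '') {
        return null;
    }

    $ext = strtolower($segments[1]);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    // Replace the client-chosen stem with a random one.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample filenames, not taken from the advisory.
$samples = ['holiday.jpg', 'holiday.JPG', 'holiday.php.jpg',
            'holiday.jpg.php', '.htaccess', 'holiday.'];

foreach ($samples as $name) {
    $stored = safe_upload_name($name);
    printf("%-16s => %s\n", $name, $stored ?? 'REJECTED');
}
```

Only `holiday.jpg` and `holiday.JPG` are accepted; legitimate names with extra dots are also rejected, which is the trade-off of the one-dot rule.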

References

URL http://secunia.com/advisories/20211/
URL http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266