header-logo
Suggest Exploit
vendor:
Coppermine Photo Gallery
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting, Local File Include
79
CWE
Product Name: Coppermine Photo Gallery
Affected Version From: 1.4.12
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2007-2575
CPE: a:coppermine-gallery:coppermine_photo_gallery:1.4.12
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Coppermine Photo Gallery Cross-Site Scripting and Local File Include Vulnerabilities

The Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue. Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary code, and retrieve arbitrary content within the context of the webserver process.

Mitigation:

Update to a version of Coppermine Photo Gallery that is not vulnerable to these issues.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25698/info

Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue.

Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary code, and retrieve arbitrary content within the context of the webserver process.

Coppermine Photo Gallery 1.4.12 is vulnerable; other versions may also be affected. 

http://www.example.com/cpg/mode.php?admin_mode=1&referer=javascript:alert(document.cookie)