Vendor: Coppermine Photo Gallery
By:
CVSS: 7.5 (HIGH)
Vulnerability Type: Cross-Site Scripting, Local File Inclusion
CWE: 79, 98
Product Name: Coppermine Photo Gallery
Affected Version From: 1.4.12
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Coppermine Photo Gallery Cross-Site Scripting and Local File Inclusion Vulnerabilities

The Coppermine Photo Gallery is vulnerable to a cross-site scripting issue and a local file-include issue. Attackers can exploit these vulnerabilities to steal cookie-based authentication credentials, execute arbitrary code, and retrieve arbitrary content within the context of the webserver process.

Mitigation:

Apply patches and updates provided by the vendor. Restrict access to vulnerable pages and directories. Input validation and output encoding should be implemented to prevent cross-site scripting attacks. Avoid using user-supplied input in file inclusion operations.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25698/info
 
Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue.
 
Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary code, and retrieve arbitrary content within the context of the webserver process.
 
Coppermine Photo Gallery 1.4.12 is vulnerable; other versions may also be affected. 

http://localhost/cpg/viewlog.php?log=../../../../../../../../../etc/passwd%00
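
The mitigation advice above (validate input, encode output, keep user-supplied input out of file inclusion) applied to a `log`-style request parameter, as an added example that is not code from Coppermine or from the original advisory. The function name `resolve_log_path`, the `.log.php` suffix and the demo directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: map a user-supplied log name to a file inside one
// fixed directory, or return null. LOG_SUFFIX and the directory layout are
// assumptions for illustration, not Coppermine's actual values.
const LOG_SUFFIX = '.log.php';

function resolve_log_path(string $name, string $logDir): ?string
{
    // Allowlist the name itself: slashes, dots and NUL bytes cannot pass,
    // so "../" sequences and a trailing %00 (used to cut off an appended
    // suffix on old PHP versions) are rejected before any path is built.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }

    $base = realpath($logDir);
    if ($base === false) {
        return null;
    }

    // Resolve symlinks and confirm the result is still under the base dir.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . LOG_SUFFIX);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: one legitimate log plus hostile or unknown inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cpg_logs_demo';
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'security' . LOG_SUFFIX, "demo entry\n");

$inputs = ['security', '../../../../etc/passwd', "../../etc/passwd\0", 'missing'];
foreach ($inputs as $input) {
    $path = resolve_log_path($input, $dir);
    // Encode anything user-controlled before it is written into HTML.
    $shown = htmlspecialchars(addcslashes($input, "\0"), ENT_QUOTES, 'UTF-8');
    if ($path === null) {
        echo "rejected: {$shown}\n";
    } else {
        // Read the file as data; never pass a request value to include/require.
        echo "ok: {$shown} -> " . strlen((string) file_get_contents($path)) . " bytes\n";
    }
}
```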