Vendor: Coppermine Photo Gallery
By:
CVSS: 7.5 (HIGH)
CWE: Input-Validation
Product Name: Coppermine Photo Gallery
Affected Version From:
Affected Version To:
Patch Exists: YES (update to the latest version)
Related CWE:
CPE: a:coppermine:photo_gallery
Metasploit:
Other Scripts:
Platforms Tested:

Coppermine Photo Gallery Multiple Input-Validation Vulnerabilities

The Coppermine Photo Gallery application is prone to multiple input-validation vulnerabilities that can lead to arbitrary command execution. These vulnerabilities arise due to the application's failure to properly sanitize and validate user-supplied input before using it in dynamic content and function calls that execute system commands. Attackers can exploit these vulnerabilities to steal cookie-based authentication credentials, map the application root directory, execute arbitrary commands, and include arbitrary files.

Mitigation:

It is recommended to update to the latest version of Coppermine Photo Gallery, as newer versions may have addressed these vulnerabilities. Additionally, input validation and sanitization should be implemented to prevent similar vulnerabilities in the future.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10253/info

Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied input before using it in dynamic content and in function calls that execute system commands. 

Attackers may exploit these issues to steal cookie-based authentication credentials, map the application root directory of the affected application, execute arbitrary commands, and include arbitrary files. Other attacks are also possible.

http://www.example.com/nuke72/modules/coppermine/docs/menu.inc.php?CPG_URL=foobar"><body%20onload=alert(document.cookie);>
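
The following is an added example, not Coppermine's code and not part of the original advisory: one way to handle a parameter such as CPG_URL, with allow-list validation followed by escaping for the HTML attribute context. The function names and the link template are hypothetical; only the CPG_URL value is taken from the request above.

```php
<?php
// Hypothetical template code for illustration; not Coppermine's menu.inc.php.

// Vulnerable pattern: request data is concatenated into an attribute unescaped.
function render_link_unsafe(string $cpgUrl): string
{
    return '<a href="' . $cpgUrl . 'index.php">Gallery</a>';
}

// Allow-list validation: accept only an http(s) URL or a site-relative path,
// and reject characters that can close an attribute or open a tag.
function validate_base_url(string $value): ?string
{
    if ($value === '' || preg_match('/["\'<>\s\x00-\x1f]/', $value)) {
        return null;
    }
    if ($value[0] === '/' && strncmp($value, '//', 2) !== 0) {
        return $value; // site-relative path, not a protocol-relative URL
    }
    $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
    if (in_array($scheme, ['http', 'https'], true)
        && filter_var($value, FILTER_VALIDATE_URL) !== false) {
        return $value;
    }
    return null;
}

// Hardened pattern: validate first, then escape for the output context anyway.
function render_link_safe(string $cpgUrl, string $fallback = '/'): string
{
    $base = validate_base_url($cpgUrl) ?? $fallback;
    // ENT_QUOTES encodes both quote styles so the value cannot leave the attribute.
    $attr = htmlspecialchars($base . 'index.php', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $attr . '">Gallery</a>';
}

// CPG_URL value from the request on this page, after URL decoding.
$payload = 'foobar"><body onload=alert(document.cookie);>';
echo render_link_unsafe($payload), "\n";  // attribute is closed early by the input
echo render_link_safe($payload), "\n";    // input rejected, fallback base is used
echo render_link_safe('http://www.example.com/gallery/'), "\n"; // constructed valid input
```

Validation and escaping are kept as separate steps so that a gap in the allow-list still cannot produce markup.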