Bug 134993 - www-apps/coppermine Multiple issues (CVE-2006-2514)
Summary: www-apps/coppermine Multiple issues (CVE-2006-2514)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://www.securityfocus.com/archive/...
Whiteboard: ~4 [noglsa] DerCorny
Keywords:
Depends on:
Blocks:
 
Reported: 2006-05-31 01:31 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-06-14 02:28 UTC
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-31 01:31:00 UTC
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allow remote attackers to upload arbitrary files via a filename with multiple file extensions.
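
An added example, not part of the bug report and not Coppermine's own code: because mod_mime can act on any of a filename's extensions, not only the last one, an upload check has to look at every dot-separated segment. The extension sets, function names and sample filenames below are assumptions made for illustration.

```python
import re

# Extensions an Apache config might map to a handler via mod_mime
# (AddHandler/AddType). Assumed list; match it to the real server config.
HANDLER_EXTS = {"php", "php3", "php4", "php5", "phtml", "pl", "py", "cgi", "shtml"}

# Image types a gallery would accept (assumed allow-list).
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif"}

_SAFE_STEM = re.compile(r"[A-Za-z0-9_-]{1,100}")


def _basename(filename):
    """Strip any client-supplied directory part, for either separator."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1]


def extensions(filename):
    """Return every dot-separated extension of the name, lowercased."""
    return [p.lower() for p in _basename(filename).split(".")[1:]]


def handler_extensions(filename):
    """Extensions anywhere in the name that could select a handler."""
    return [e for e in extensions(filename) if e in HANDLER_EXTS]


def is_safe_upload_name(filename):
    """Accept only '<stem>.<ext>': plain stem, one allow-listed extension."""
    stem, dot, ext = _basename(filename).partition(".")
    if not dot or "." in ext:  # no extension at all, or more than one
        return False
    return bool(_SAFE_STEM.fullmatch(stem)) and ext.lower() in ALLOWED_EXTS


# Constructed sample names, not taken from the bug report.
SAMPLES = ["holiday.jpg", "holiday.php.jpg", "notes.PHTML.gif", ".htaccess", "a.b.png"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r}: safe={is_safe_upload_name(name)} "
              f"handler_exts={handler_extensions(name)}")
```

`handler_extensions` is also usable as an audit over names already present in an upload directory, while `is_safe_upload_name` is the stricter gate for new uploads.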
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-12 23:42:58 UTC
Web-apps please advise.

Adding another issue here:


 HTTP://KAPDA.IR

 --Summary--

 Software: CPG Coppermine Photo Gallery
 Software's Web Site: http://coppermine.sourceforge.net/
 Versions: 1.4.8.stable
 Class: Remote
 Status: Unpatched
 Exploit: Available
 Solution: Available
 Discovered by: imei addmimistrator
 Risk Level: Medium-High

 --Description--

 There is a security flaw in Coppermine Photo Gallery, one of the popular photo galleries on the Internet, that allows an attacker to perform an SQL INJECTION attack.
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2006-06-13 02:44:38 UTC
web-apps please bump, thanks
Comment 3 Stuart Herbert (RETIRED) gentoo-dev 2006-06-13 13:11:47 UTC
It has been bumped.  Older version isn't stable on any arch, so no arch team work required.

Best regards,
Stu
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-14 02:28:52 UTC
Thx Stuart.