漏洞信息详情

Coppermine Photo Gallery 'docs/showdoc.php'多个跨站脚本攻击漏洞

漏洞简介

Coppermine Photo Gallery (CPG) 1.4.15之前版本的docs/showdoc.php中存在多个跨站脚本攻击漏洞。远程攻击者可借助h和t参数,注入任意web脚本或HTML。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Coppermine Photo Gallery 1.4.10

Coppermine cpg1.4.15.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.15.zip

Coppermine Photo Gallery 1.4.11

Coppermine cpg1.4.15.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.15.zip

Coppermine Photo Gallery 1.4.12

Coppermine cpg1.4.15.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.15.zip

Coppermine Photo Gallery 1.4.13

Coppermine cpg1.4.15.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.15.zip

Coppermine Photo Gallery 1.4.14

Coppermine cpg1.4.15.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.15.zip

参考网址

来源: BID

名称: 27511

链接:http://www.securityfocus.com/bid/27511

来源: coppermine-gallery.net

链接:http://coppermine-gallery.net/forum/index.php?topic=50103.0

来源: MISC

链接:http://www.waraxe.us/advisory-66.html

来源: VUPEN

名称: ADV-2008-0367

链接:http://www.vupen.com/english/advisories/2008/0367

来源: SECTRACK

名称: 1019285

链接:http://www.securitytracker.com/id?1019285

来源: BUGTRAQ

名称: 20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14

链接:http://www.securityfocus.com/archive/1/archive/1/487351/100/200/threaded

来源: SECUNIA

名称: 28682

链接:http://secunia.com/advisories/28682

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多