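Vulnerability Details

Coppermine Photo Gallery upload.php SQL Injection Vulnerability

Vulnerability Summary

Coppermine is a multi-purpose, integrated web picture gallery script written in PHP. An input validation flaw exists in the way Coppermine's upload.php handles user request data, which a remote attacker may exploit to carry out SQL injection attacks.

When performing a URI/URL upload, Coppermine's upload.php does not properly sanitize the MIME media type supplied by the remote HTTP server, so a remote attacker can manipulate the SQL query and carry out an SQL injection attack.

Vulnerability Bulletin

The vendor has released an upgrade that fixes this security issue. Patch download links: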

Coppermine Photo Gallery 1.4

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.10

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.11

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.12

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.13

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.14

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.15

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.16

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.2

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.3

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.4

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

Coppermine Photo Gallery 1.4.9

Coppermine cpg1.4.18.zip

http://downloads.sourceforge.net/coppermine/cpg1.4.18.zip?modtime=1208178518&big_mirror=0

References

Source: BID

Name: 28766

Link: http://www.securityfocus.com/bid/28766

Source: sourceforge.net

Link: http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069

Source: XF

Name: coppermine-upload-sql-injection(41784)

Link: http://xforce.iss.net/xforce/xfdb/41784

Source: OSVDB

Name: 44345

Link: http://www.osvdb.org/44345

Source: SECUNIA

Name: 29795

Link: http://secunia.com/advisories/29795

Source: forum.coppermine-gallery.net

Link: http://forum.coppermine-gallery.net/index.php/topic,51787,0.html

Patch

    None available
