Multiple vulnerabilities have been identified in Coppermine Photo Gallery, which could be exploited by remote attackers to execute arbitrary scripting code, manipulate SQL queries, or compromise a vulnerable web server.
The first issue is caused by an input validation error in the "include/imageObjectIM.class.php" script that does not validate the "quality", "angle" and "clipval" parameters before being passed as arguments to "exec()" calls, which could be exploited by remote attackers to inject and execute arbitrary code with the privileges of the web server. Note: This issue is not exploitable when ImageMagick is not used as the image library.
The second vulnerability is caused by input validation errors in the "docs/showdoc.php" script when processing the "t" and "h" parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
The third issue is caused by input validation errors in the "util.php" and "reviewcom.php" scripts when processing the "albumid", "startpic", "numpics" and "cid_array" parameters, which could be exploited by malicious administrators to conduct SQL injection attacks.
The fourth weakness is caused by errors in the "update.php" and "include/slideshow.inc.php" scripts, which could be exploited by attackers to gain knowledge of sensitive information (e.g. database table prefix or installation path).
Credits
Vulnerabilities reported by Janek Vind (waraxe).
ChangeLog
2008-01-31 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
