Coppermine Photo Gallery EXIF Data Script Insertion - Website Hosting - VPS Hosting - Domain Registration Ireland

#1 (permalink)

22-08-05, 09:23 AM

niall

Junior Member

Join Date: May 2004

Posts: 18

Coppermine Photo Gallery EXIF Data Script Insertion

A vulnerability has been reported in Coppermine Photo Gallery, which can be exploited by malicious people to conduct script insertion attacks.

EXIF data stored in certain image files are not properly sanitised before being displayed to users. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site when malicious EXIF data are viewed.

The vulnerability has been reported in versions prior to 1.3.4.

Solution:
Update to version 1.3.4.

Tags

coppermine, data, exif, gallery, insertion, photo, script

« phpAdsNew Multiple Vulnerabilities | PostNuke "show" Parameter SQL Injection Vulnerability »

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Gallery EXIF Data Script Insertion Vulnerability	niall	Security Notices	0	26-08-05 09:58 AM
PHP-Nuke "off-site Avatar" Script Insertion Vulner	niall	Security Notices	2	28-07-05 09:09 AM
phpBB BBcode "url" Script Insertion Vulnerability	niall	Security Notices	0	28-07-05 08:47 AM

All times are GMT. The time now is 03:06 PM.