Great Reviews!Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?Need help customizing or designing scripts?Please contact us via the Contact Us option for further details and pricing.
DESCRIPTION: girex has discovered some vulnerabilities in Coppermine Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks, disclose sensitive information, or potentially compromise a vulnerable system. The vulnerabilities are confirmed in version 1.4.22. Other versions may also be affected.
1) Input passed via the "GLOBALS[cat]" parameter in thumbnails.php (if "album" is set to "alpha") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled and "register_globals" is enabled.
2) Input passed to the "GLOBALS[USER][lang]" parameter is not properly sanitised before being used to includes files. This can be exploited to include arbitrary files from local resources via a specially crafted request containing directory traversal sequences and a URL-encoded NULL byte. Successful exploitation allows execution of arbitrary PHP code, but requires privileges to upload files, and that "magic_quotes_gpc" is disabled and "register_globals" is enabled.
SOLUTION: Set "magic_quotes_gpc" to "On" and "register_globals" to "Off".
PROVIDED AND/OR DISCOVERED BY: girex
ORIGINAL ADVISORY: http://milw0rm.com/exploits/8713
Posted on Tuesday, May 19, 2009 @ 17:25:49 EDT by Raven
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
