FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

coppermine -- Multiple File Extensions Vulnerability

Affected packages
coppermine < 1.4.6


VuXML ID 0b628470-e9a6-11da-b9f4-00123ffe8333
Discovery 2006-05-22
Entry 2006-05-22

Secunia reports:

Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload malicious script files inside the web root (e.g. a PHP script).

Successful exploitation may allow execution of script code depending on the HTTP server configuration (it requires e.g. an Apache server with the "mod_mime" module installed).