coppermine -- multiple vulnerabilities

ID 12488805-6773-11DC-8BE8-02E0185F8D72
Type freebsd
Reporter FreeBSD
Modified 2010-05-12T00:00:00


The coppermine development team reports two vulnerabilities with the coppermine application. These vulnerabilities are caused by improper checking of the log variable in "viewlog.php" and improper checking of the referer variable in "mode.php". This could allow local file inclusion, potentially disclosing valuable information and could lead to an attacker conducting a cross site scripting attack against the targeted site.