[VIM] Coppermine Photo Gallery RFI Issues
George A. Theall
theall at tenablesecurity.com
Thu May 31 14:26:27 UTC 2007
Last March, Hasadya Raed reported some remote file include issues in
Coppermine Photo Gallery:
http://archives.neohapsis.com/archives/bugtraq/2007-03/0068.html
http://archives.neohapsis.com/archives/bugtraq/2007-03/0309.html
And the issues made it into various VDBs (eg, CVE-2007-1414, OSVDB
35065-35070).
I've only checked a couple of the issues, but none look valid. For
example, looking at both 1.4.10 (which is and was current in March) as
well as 1.4.3, I see:

  o Many scripts call near their start include/init.inc.php,
    which sanitizes parameters and unregisters any global
    variables that might have been registered.

  o image_processor.php uses $cmd in various calls to exec(),
    not include / require functions, but there's no way for
    an attacker to control it, at least by a 'cmd' parameter.

  o include/functions.php contains only function definitions.

  o include/picmgmt.inc.php and include/plugin_api.inc.php
    can't be called directly.

Has anyone actually been able to verify any of the vulnerabilities in any
version of the software? Or is this just another case of grep-n-gripe?
George
--
theall at tenablesecurity.com
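
Added example (not part of the original post, and not Coppermine code): a small triage pass that applies the four checks listed in the message to candidate "include with a variable" findings before they are accepted as remote file include reports. The PHP fragments are constructed samples, the IN_APP guard constant and the verdict strings are assumptions made for illustration, and the regexes are heuristics that point a reviewer at what to read, not proof either way.

```python
import re

# Constructed PHP fragments (not Coppermine source); IN_APP is a hypothetical guard constant.
SAMPLES = {
    "entry.php": "<?php\nrequire('include/init.inc.php');\ninclude($lang_file);\n",
    "image_processor.php": "<?php\nrequire('include/init.inc.php');\nexec($cmd, $out);\n",
    "include/functions.php": "<?php\nfunction load($path) {\n    include($path);\n}\n",
    "include/guarded.inc.php": "<?php\nif (!defined('IN_APP')) die('no direct access');\ninclude($plugin);\n",
    "standalone.php": "<?php\ninclude($page . '.php');\n",
}

# include/require whose argument (up to the ';') contains a PHP variable
INC = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*\$\w+")
# include/require of a literal path ending in init.inc.php
INIT = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"][^'\"]*init\.inc\.php['\"]")
# "if (!defined('X')) die/exit" style direct-access guard
GUARD = re.compile(r"!\s*defined\s*\([^)]*\)\s*\)?\s*(?:die|exit)\b")
FUNC = re.compile(r"\bfunction\s+\w+\s*\([^)]*\)\s*\{")

def top_level(src):
    """Drop named function bodies by brace counting (ignores braces in strings)."""
    out, pos = [], 0
    while (m := FUNC.search(src, pos)):
        out.append(src[pos:m.start()])
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        pos = i
    out.append(src[pos:])
    return "".join(out)

def triage(src):
    """Return a review verdict for one PHP file; a lead for manual checking, not proof."""
    if not INC.search(src):
        return "no variable include"        # e.g. the variable only reaches exec()
    body = top_level(src)
    sink = INC.search(body)
    if not sink:
        return "function definitions only"  # nothing runs when the file is requested
    before = body[:sink.start()]
    if GUARD.search(before):
        return "direct call blocked"
    if INIT.search(before):
        return "init.inc.php runs first"    # globals unregistered before the include
    return "needs manual review"

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name:26} {triage(src)}")
```

Only the last constructed sample, which has a top-level variable include with no guard and no init script ahead of it, is left for manual review.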