正文

CPG include/function.inc.php SQL注入漏洞

admin
admin V管理员 /0 评论 /8 阅读
0103
此篇文章发布距今已超过1283天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

CPG include/function.inc.php SQL注入漏洞

  • CNNVD编号:CNNVD-200606-366
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2006-3064
  • 漏洞类型: SQL注入
  • 发布时间: 2006-06-19
  • 威胁类型: 远程
  • 更新时间: 2007-08-13
  • 厂        商: coppermine
  • 漏洞来源:

漏洞简介

Coppermine Photo Gallery (CPG) 1.4.8中的include/function.inc.php存在SQL注入漏洞。\"Keep detailed hit statistics\"启用时,远程攻击者可以借助(1)访问来源和(2)用户代理HTTP标头,执行任意SQL命令。

漏洞公告

目前厂商已经发布了相关补丁,请到厂商的主页下载:

Adobe Reader 3.0

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 4.0 5c

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 4.0

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 4.0 5

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 4.0.5 A

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 5.0

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 5.0.10

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 5.0.5

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 5.1

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 6.0

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 6.0.1

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 6.0.2

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 6.0.3

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 6.0.4

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 7.0

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe Adobe Reader 7.0.8 for Windows

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =Windows

Adobe Reader 7.0.1

Adobe Adobe Reader 7.0.8 for Macintosh

http://www.adobe.com/support/downloads/product.jsp?product=10&platform =MacIntosh

Adobe

参考网址

来源: BUGTRAQ

名称: 20060611 [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack

链接:http://www.securityfocus.com/archive/1/archive/1/436799/30/4470/threaded

来源: VUPEN

名称: ADV-2006-2317

链接:http://www.frsirt.com/english/advisories/2006/2317

来源: SECUNIA

名称: 20597

链接:http://secunia.com/advisories/20597

来源: MISC

链接:http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html

受影响实体

  • Coppermine Coppermine_photo_gallery:1.4.8  
    <!--
    2000-1-1
    -->

补丁

    暂无