Coppermine 1.5.42: Second-Order Command Execution
2 Dec 2016
by Martin Bednorz
The second gift in our advent calendar contains descriptions of vulnerabilities in Coppermine, a very popular picture gallery application written in PHP that has been in active development since 2003. It consists of ~160,000 lines of code (a medium-sized web application) and is downloaded roughly 1,200 times per week.