Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
Software | From | Fixed in |
---|---|---|
francisco_burzi / php-nuke | 6.9 | 6.9.x |
francisco_burzi / php-nuke | 7.0 | 7.0.x |
francisco_burzi / php-nuke | 7.0_final | 7.0_final.x |
francisco_burzi / php-nuke | 7.1 | 7.1.x |
francisco_burzi / php-nuke | 7.2 | 7.2.x |
coppermine / coppermine_photo_gallery | 1.0_rc3 | 1.0_rc3.x |
coppermine / coppermine_photo_gallery | 1.1_.0 | 1.1_.0.x |
coppermine / coppermine_photo_gallery | 1.1_beta_2 | 1.1_beta_2.x |
coppermine / coppermine_photo_gallery | 1.2 | 1.2.x |
coppermine / coppermine_photo_gallery | 1.2.1 | 1.2.1.x |
coppermine / coppermine_photo_gallery | 1.2.2_b | 1.2.2_b.x |