Description
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)
WordPress Plugin WooCommerce Blocks Security Bypass (3.7.0)
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-4782)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15700)
WordPress Plugin Responsive Logo Slideshow Cross-Site Scripting (1.0)