Description

Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.

Remediation

References

CVE-2012-1614

Related Vulnerabilities

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2729)

WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.7)

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login SQL Injection (5.0.1.5)

WordPress Plugin Simple Photo Gallery Cross-Site Scripting (1.8.0)

Internet Information Services Unchecked Return Value Vulnerability (CVE-2005-4360)

Severity

Medium

Classification

CVE-2012-1614 CWE-200

Tags

Missing Update Known Vulnerabilities