Description

relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.

Remediation

References

CVE-2005-3979

Related Vulnerabilities

WordPress Plugin Edwiser Bridge-WordPress Moodle LMS Integration Multiple Cross-Site Request Forgery Vulnerabilities (2.0.6)

PHP Resource Management Errors Vulnerability (CVE-2006-1991)

WordPress 4.4.x Possible SQL Injection Vulnerability (4.4 - 4.4.11)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2978)

WordPress Plugin BulletProof Security Multiple Vulnerabilities (.51)

Severity

Medium

Classification

CVE-2005-3979 CWE-287

Tags

Missing Update Known Vulnerabilities