Description

themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Remediation

References

CVE-2008-3481

Related Vulnerabilities

Oracle HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)

WordPress Plugin Category List Portfolio Page TimThumb Arbitrary File Upload (1.2.3)

WordPress Plugin YOP Poll Cross-Site Scripting (5.7.3)

Envoy Proxy Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-15225)

WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)

Severity

High

Classification

CVE-2008-3481 CWE-94

Tags

Missing Update Known Vulnerabilities