Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)

Description

Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.

Remediation

References

Related Vulnerabilities

MySQL CVE-2014-6491 Vulnerability (CVE-2014-6491)

WordPress Plugin Gallery-Responsive Photo and Video Gallery by Limb Cross-Site Scripting (1.3.2)

WordPress Plugin Video Lessons Manager-Best Video Course LMS Cross-Site Scripting (1.7.1)

WordPress Plugin Social Media Widget by Acurax Cross-Site Request Forgery (3.2.5)

Magento CVE-2020-3718 Vulnerability (CVE-2020-3718)

Severity

Medium

Classification

CVE-2008-7186 CWE-264

Tags

Missing Update Known Vulnerabilities