Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Coppermine_photo_gallery | Coppermine | 1.0_rc3 (including) | 1.0_rc3 (including) |
| Coppermine_photo_gallery | Coppermine | 1.1_.0 (including) | 1.1_.0 (including) |
| Coppermine_photo_gallery | Coppermine | 1.1_beta_2 (including) | 1.1_beta_2 (including) |
| Coppermine_photo_gallery | Coppermine | 1.2 (including) | 1.2 (including) |
| Coppermine_photo_gallery | Coppermine | 1.2.1 (including) | 1.2.1 (including) |
| Coppermine_photo_gallery | Coppermine | 1.2.2_b (including) | 1.2.2_b (including) |
| Php-nuke | Francisco_burzi | 6.9 (including) | 6.9 (including) |
| Php-nuke | Francisco_burzi | 7.0 (including) | 7.0 (including) |
| Php-nuke | Francisco_burzi | 7.0_final (including) | 7.0_final (including) |
| Php-nuke | Francisco_burzi | 7.1 (including) | 7.1 (including) |
| Php-nuke | Francisco_burzi | 7.2 (including) | 7.2 (including) |