Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Coppermine_photo_gallery | Coppermine-gallery | 1.4.14 (including) | 1.4.14 (including) |