Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote malicious users to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
coppermine-gallery coppermine photo gallery 1.4.14 |