Описание
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
Ссылки
- Vendor Advisory
- Permissions RequiredThird Party Advisory
- Permissions RequiredThird Party Advisory
- Vendor Advisory
- Permissions RequiredThird Party Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*
cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00604
Низкий
5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
EPSS
Процентиль: 69%
0.00604
Низкий
5 Medium
CVSS2
Дефекты
CWE-287