Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1614

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-1614
Last Modified 05 Sep 2012 12:00:00
Published 04 Sep 2012 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1614

Summary

Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.

Vulnerable Systems

Application

  • Coppermine-gallery Coppermine Photo Gallery 1.0

  • Coppermine-gallery Coppermine Photo Gallery 1.1

  • Coppermine-gallery Coppermine Photo Gallery 1.1.0

  • Coppermine-gallery Coppermine Photo Gallery 1.2

  • Coppermine-gallery Coppermine Photo Gallery 1.2.0

  • Coppermine-gallery Coppermine Photo Gallery 1.2.1

  • Coppermine-gallery Coppermine Photo Gallery 1.3.0

  • Coppermine-gallery Coppermine Photo Gallery 1.3.1

  • Coppermine-gallery Coppermine Photo Gallery 1.3.2

  • Coppermine-gallery Coppermine Photo Gallery 1.3.3

  • Coppermine-gallery Coppermine Photo Gallery 1.3.4

  • Coppermine-gallery Coppermine Photo Gallery 1.3.5

  • Coppermine-gallery Coppermine Photo Gallery 1.4

  • Coppermine-gallery Coppermine Photo Gallery 1.4.0

  • Coppermine-gallery Coppermine Photo Gallery 1.4.1

  • Coppermine-gallery Coppermine Photo Gallery 1.4.10

  • Coppermine-gallery Coppermine Photo Gallery 1.4.11

  • Coppermine-gallery Coppermine Photo Gallery 1.4.12

  • Coppermine-gallery Coppermine Photo Gallery 1.4.13

  • Coppermine-gallery Coppermine Photo Gallery 1.4.14

  • Coppermine-gallery Coppermine Photo Gallery 1.4.15

  • Coppermine-gallery Coppermine Photo Gallery 1.4.16

  • Coppermine-gallery Coppermine Photo Gallery 1.4.17

  • Coppermine-gallery Coppermine Photo Gallery 1.4.18

  • Coppermine-gallery Coppermine Photo Gallery 1.4.19

  • Coppermine-gallery Coppermine Photo Gallery 1.4.2

  • Coppermine-gallery Coppermine Photo Gallery 1.4.20

  • Coppermine-gallery Coppermine Photo Gallery 1.4.21

  • Coppermine-gallery Coppermine Photo Gallery 1.4.22

  • Coppermine-gallery Coppermine Photo Gallery 1.4.23

  • Coppermine-gallery Coppermine Photo Gallery 1.4.24

  • Coppermine-gallery Coppermine Photo Gallery 1.4.25

  • Coppermine-gallery Coppermine Photo Gallery 1.4.26

  • Coppermine-gallery Coppermine Photo Gallery 1.4.27

  • Coppermine-gallery Coppermine Photo Gallery 1.4.3

  • Coppermine-gallery Coppermine Photo Gallery 1.4.4

  • Coppermine-gallery Coppermine Photo Gallery 1.4.5

  • Coppermine-gallery Coppermine Photo Gallery 1.4.6

  • Coppermine-gallery Coppermine Photo Gallery 1.4.7

  • Coppermine-gallery Coppermine Photo Gallery 1.4.8

  • Coppermine-gallery Coppermine Photo Gallery 1.4.9

  • Coppermine-gallery Coppermine Photo Gallery 1.5.1

  • Coppermine-gallery Coppermine Photo Gallery 1.5.10

  • Coppermine-gallery Coppermine Photo Gallery 1.5.12

  • Coppermine-gallery Coppermine Photo Gallery 1.5.14

  • Coppermine-gallery Coppermine Photo Gallery 1.5.16

  • Coppermine-gallery Coppermine Photo Gallery 1.5.18

  • Coppermine-gallery Coppermine Photo Gallery 1.5.2

  • Coppermine-gallery Coppermine Photo Gallery 1.5.3

  • Coppermine-gallery Coppermine Photo Gallery 1.5.4

  • Coppermine-gallery Coppermine Photo Gallery 1.5.6

  • Coppermine-gallery Coppermine Photo Gallery 1.5.8


References

MISC - http://www.waraxe.us/advisory-81.html

BID - 52818

MLIST - [oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081

MLIST - [oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081

MLIST - [oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081

EXPLOIT-DB - 18680

MISC - http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html

OSVDB - 80735

OSVDB - 80734

OSVDB - 80733

OSVDB - 80732

CONFIRM - http://forum.coppermine-gallery.net/index.php/topic,74682.0.html

CONFIRM - http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354

BUGTRAQ - 20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18


Last Updated: 27 May 2016 11:00:27