Description

relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.

Remediation

References

CVE-2005-3979

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3553)

WordPress Plugin Image Slider by Ays-Responsive Slider and Carousel SQL Injection (2.4.9)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13450)

reveal.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8127)

MySQL CVE-2013-0371 Vulnerability (CVE-2013-0371)

Severity

Medium

Classification

CVE-2005-3979 CWE-287

Tags

Missing Update Known Vulnerabilities