Description
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
Remediation
References
Related Vulnerabilities
WordPress Plugin Keyring Cross-Site Scripting (1.5)
Envoy Proxy Missing Authentication for Critical Function Vulnerability (CVE-2022-29226)
WordPress Plugin AccessPress Social Counter Cross-Site Scripting (1.3.6)
Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651)
WordPress Plugin Advanced Custom Fields PRO Security Bypass (5.12)