CVE-2012-1614
NONE EPSS 94.5%
Published Sep 4, 2012 · Last Modified Jun 16, 2026
Description
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
Threat Intelligence
EPSS Exploit Probability
94.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
Affected Products 61
| Vendor | Product | Version | Range |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * | ≤1.5.18 |
| coppermine-gallery | coppermine_photo_gallery | 1.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.1.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.2 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.3 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.5 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.3 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.5 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.6 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.7 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.8 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.9 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.10 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.11 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.12 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.13 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.15 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.16 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.17 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.18 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.19 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.20 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.21 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.22 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.23 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.24 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.25 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.26 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.27 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.2 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.3 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.6 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.8 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.10 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.12 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.14 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.5.16 | any |
References 14
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html
- coppermine.svn.sourceforge.net http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354
- forum.coppermine-gallery.net http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html
- osvdb.org http://osvdb.org/80732
- osvdb.org http://osvdb.org/80733
- osvdb.org http://osvdb.org/80734
- osvdb.org http://osvdb.org/80735
- packetstormsecurity.org http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html
- exploit-db.com http://www.exploit-db.com/exploits/18680
- openwall.com http://www.openwall.com/lists/oss-security/2012/03/30/5
- openwall.com http://www.openwall.com/lists/oss-security/2012/03/30/6
- openwall.com http://www.openwall.com/lists/oss-security/2012/04/03/6
- securityfocus.com http://www.securityfocus.com/bid/52818
- waraxe.us http://www.waraxe.us/advisory-81.html
Remediation
- coppermine.svn.sourceforge.net http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354