relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
References
Link | Resource |
---|---|
http://coppermine-gallery.net/forum/index.php?topic=24217.0 | Vendor Advisory |
http://secunia.com/advisories/17855 | Permissions Required Third Party Advisory |
http://www.vupen.com/english/advisories/2005/2698 | Permissions Required Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-12-03T19:00:00
Updated: 2016-04-05T15:57:01
Reserved: 2005-12-03T00:00:00
Link: CVE-2005-3979
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-12-03T19:03:00.000
Modified: 2019-07-16T19:37:18.437
Link: CVE-2005-3979
JSON object: View
Redhat Information
No data.
CWE