Coppermine Photo Gallery db_input.php Path Disclosure

2004-04-29T00:00:00
ID OSVDB:6497
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-04-29T00:00:00

Description

Vulnerability Description

Coppermine Photo Gallery contains a flaw that may lead to unauthorized information disclosure. When a specially crafted URL request is sent to the db_input.php script, the program returns an error message that discloses the installation path, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.3beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/nuke72/modules/coppermine/db_input.php

References:

Vendor URL: http://coppermine.sourceforge.net/
Vendor Specific Solution URL: http://nukephotogallery.com/index.php?name=Downloads&d_op=viewdownloaddetails&lid=39
Vendor Specific Advisory URL:
Security Tracker: 1010001
Secunia Advisory ID: 11524
Related OSVDB ID: 5757
Related OSVDB ID: 5759
Related OSVDB ID: 6495
Related OSVDB ID: 6498
Related OSVDB ID: 6499
Related OSVDB ID: 5756
Related OSVDB ID: 6500
Related OSVDB ID: 5758
Related OSVDB ID: 5761
Related OSVDB ID: 5912
Related OSVDB ID: 6496
Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=26
Keyword: waraxe-2004-SA#026
ISS X-Force ID: 16039
Bugtraq ID: 10253