3 matches found
Design/Logic Flaw
Coppermine Photo Gallery CPG 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504...
CVE-2008-7186
Coppermine Photo Gallery CPG 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504...
CVE-2008-0504
Coppermine Photo Gallery (CPG) prior to version 1.4.15 contains multiple SQL injection flaws that can be triggered by an authenticated remote administrator via parameters (albumid, startpic, numpics) to util.php and cid_array to reviewcom.php. The underlying issue is insufficient input validation...