Vulnerability Description
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coppermine-Gallery | Coppermine Photo Gallery | 1.4.14 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/487351/100/200/threaded
- http://www.securitytracker.com/id?1019285
- http://www.vupen.com/english/advisories/2008/0367PatchVendor Advisory
- http://www.waraxe.us/advisory-66.htmlExploit
- http://www.securityfocus.com/archive/1/487351/100/200/threaded
- http://www.securitytracker.com/id?1019285
- http://www.vupen.com/english/advisories/2008/0367PatchVendor Advisory
- http://www.waraxe.us/advisory-66.htmlExploit
FAQ
What is CVE-2008-7186?
CVE-2008-7186 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE...
How severe is CVE-2008-7186?
CVE-2008-7186 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7186?
Check the references section above for vendor advisories and patch information. Affected products include: Coppermine-Gallery Coppermine Photo Gallery.