Remote Information Disclosure in Coppermine Photo Gallery by Coppermine
CVE-2005-3979

Currently unrated

Key Information:

Vendor: Coppermine-gallery
Status: Coppermine Photo Gallery
Vendor: CVE Published:; 3 December 2005

🔔 Create Coppermine-gallery Vulnerability Alert

What is CVE-2005-3979?

A security flaw in the Coppermine Photo Gallery's relocate_server.php script, present in versions 1.4.2 and 1.4 beta, allows unauthorized remote attackers to access sensitive data. Since this script remains on the server after installation and lacks appropriate authentication controls, attackers can exploit direct requests to retrieve critical information, including database configuration settings. This vulnerability highlights the importance of secure installation practices and robust authentication mechanisms to protect sensitive data from unauthorized access.

References

http://secunia.com/advisories/17855

third-party-advisoryx_refsource_SECUNIA

http://coppermine-gallery.net/forum/index.php?topic=24217.0

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2005/2698

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2005
Vulnerability Reserved
Dec 3, 2005

JSON