CVE-2004-1984

Name of the Vulnerable Software and Affected Versions Coppermine Photo Gallery versions 1.2.0 RC4 through 1.2.2b

Description The issue allows remote attackers to obtain sensitive information via direct HTTP requests to various scripts, including (1) "phpinfo.php", (2) "addpic.php", (3) "config.php", (4) "db input.php", (5) "displayecard.php", (6) "ecard.php", (7) "crop.inc.php". These requests can reveal the full path in a PHP error message.

Recommendations For Coppermine Photo Gallery versions 1.2.0 RC4 through 1.2.2b, restrict access to the sensitive scripts, including "phpinfo.php", "addpic.php", "config.php", "db input.php", "displayecard.php", "ecard.php", and "crop.inc.php" to minimize the risk of exploitation. Consider removing or securing these files until a patch is available.