Vulnerability Details : CVE-2012-1614
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
Vulnerability category: Information leak
Products affected by CVE-2012-1614
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:beta:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:beta:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:beta_2:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b-nuke:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:b:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.1:beta:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.2:beta:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.3:rc:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.26:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.4.27:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.5.14:*:*:*:*:*:*:*
Threat overview for CVE-2012-1614
Top countries where our scanners detected CVE-2012-1614
Top open port discovered on systems with this issue
80
IPs affected by CVE-2012-1614 6
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-1614!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-1614
0.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1614
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2012-1614
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1614
-
http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354
404 Not FoundPatch
-
http://www.openwall.com/lists/oss-security/2012/03/30/5
oss-security - CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081
-
http://www.exploit-db.com/exploits/18680
coppermine 1.5.18 - Multiple Vulnerabilities - PHP webapps ExploitExploit
-
http://forum.coppermine-gallery.net/index.php/topic,74682.0.html
cpg1.5.20 Security release - upgrade mandatory!
-
http://www.securityfocus.com/bid/52818
Coppermine Photo Gallery 'keywords' Field HTML Injection Vulnerability
-
http://www.openwall.com/lists/oss-security/2012/04/03/6
oss-security - Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081Exploit
-
http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html
Exploit
-
http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html
Coppermine 1.5.18 Cross Site Scripting / Path Disclosure ≈ Packet StormExploit
-
http://www.openwall.com/lists/oss-security/2012/03/30/6
oss-security - Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081
-
http://www.waraxe.us/advisory-81.html
[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18Exploit
Jump to