{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2012-1614", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18", "refsource" : "BUGTRAQ", "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html" }, { "name" : "18680", "refsource" : "EXPLOIT-DB", "url" : "http://www.exploit-db.com/exploits/18680" }, { "name" : "[oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2012/03/30/5" }, { "name" : "[oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2012/03/30/6" }, { "name" : "[oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2012/04/03/6" }, { "name" : "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html", "refsource" : "MISC", "url" : "http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html" }, { "name" : "http://www.waraxe.us/advisory-81.html", "refsource" : "MISC", "url" : "http://www.waraxe.us/advisory-81.html" }, { "name" : "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354", "refsource" : "CONFIRM", "url" : "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354" }, { "name" : "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html", "refsource" : "CONFIRM", "url" : "http://forum.coppermine-gallery.net/index.php/topic,74682.0.html" }, { "name" : "52818", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/52818" }, { "name" : "80732", "refsource" : "OSVDB", "url" : "http://osvdb.org/80732" }, { "name" : "80733", "refsource" : "OSVDB", "url" : "http://osvdb.org/80733" }, { "name" : "80734", "refsource" : "OSVDB", "url" : "http://osvdb.org/80734" }, { "name" : "80735", "refsource" : "OSVDB", "url" : "http://osvdb.org/80735" } ] } }