FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

coppermine -- Multiple vulnerabilities

Affected packages
coppermine < 1.5.20


VuXML ID 6dd5e45c-f084-11e1-8d0f-406186f3d89d
Discovery 2012-03-29
Entry 2012-08-30

The Coppermine Team reports:

The release covers several path disclosure vulnerabilities. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information. Furthermore, the release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines under certain conditions.


CVE Name CVE-2012-1613
CVE Name CVE-2012-1614