CVE-2008-3481

Published: Aug 5, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Affected (31)

Products: Coppermine Gallery: Coppermine Photo Gallery

Coppermine Gallery

1 product

Coppermine Photo Gallery

Configuration A

31 vulnerable

Vulnerable Software	Affected Versions
Coppermine Gallery Coppermine Photo Gallery	Up to 1.4.18
Coppermine Gallery Coppermine Photo Gallery	Version 1.0
Coppermine Gallery Coppermine Photo Gallery	Version 1.0 rc3
Coppermine Gallery Coppermine Photo Gallery	Version 1.1.0
Coppermine Gallery Coppermine Photo Gallery	Version 1.1
Coppermine Gallery Coppermine Photo Gallery	Version 1.1 beta_2
Coppermine Gallery Coppermine Photo Gallery	Version 1.2.0
Coppermine Gallery Coppermine Photo Gallery	Version 1.2.0 rc2
Coppermine Gallery Coppermine Photo Gallery	Version 1.2.1
Coppermine Gallery Coppermine Photo Gallery	Version 1.2.1 b-nuke
Coppermine Gallery Coppermine Photo Gallery	Version 1.2.1 b
Coppermine Gallery Coppermine Photo Gallery	Version 1.3.0
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.0 alpha
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.10
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.11
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.12
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.13
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.14
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.15
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.16
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.17
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.1 beta
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.2
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.3
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.4
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.5
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.6
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.7
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.8
Coppermine Gallery Coppermine Photo Gallery	Version 1.4.9
Coppermine Gallery Coppermine Photo Gallery	Version 1.4 beta

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://securityreason.com/securityalert/4108

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6178

Source: cve@mitre.org

http://securityreason.com/securityalert/4108

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6178

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.