Description
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
Remediation
References
Related Vulnerabilities
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3747)
MySQL CVE-2017-10167 Vulnerability (CVE-2017-10167)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.5)
WordPress Plugin Allow PHP in Posts and Pages 'id' Parameter SQL Injection (2.0.0.RC1)
WordPress Plugin Simple Mail Address Encoder Cross-Site Scripting (1.6.1)