Details of VAR-200405-0047

ID

VAR-200405-0047

CVE

CVE-2004-1984

TITLE

Coppermine Photo Gallery Sensitive Information Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200405-003

DESCRIPTION

Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message. Coppermine Photo Gallery is prone to a information disclosure vulnerability

Trust: 1.26

sources: NVD: CVE-2004-1984 // BID: 90410 // VULHUB: VHN-10412

AFFECTED PRODUCTS

vendor:	coppermine	model:	photo gallery	scope:	eq	version:	1.2.1	Trust: 1.9
vendor:	coppermine	model:	photo gallery	scope:	eq	version:	1.1_beta_2	Trust: 1.6
vendor:	coppermine	model:	photo gallery	scope:	eq	version:	1.0_rc3	Trust: 1.6
vendor:	coppermine	model:	photo gallery	scope:	eq	version:	1.1_.0	Trust: 1.6
vendor:	coppermine	model:	photo gallery	scope:	eq	version:	1.2	Trust: 1.6
vendor:	coppermine	model:	photo gallery	scope:	eq	version:	1.2.2_b	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.1	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.2	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.9	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0_final	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0	Trust: 1.0
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.2	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.9	Trust: 0.3
vendor:	coppermine	model:	photo gallery b	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	coppermine	model:	photo gallery	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	coppermine	model:	photo gallery beta	scope:	eq	version:	1.12	Trust: 0.3
vendor:	coppermine	model:	photo gallery	scope:	eq	version:	1.1.0	Trust: 0.3
vendor:	coppermine	model:	photo gallery rc3	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 90410 // CNNVD: CNNVD-200405-003 // NVD: CVE-2004-1984

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1984
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200405-003
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10412
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-1984
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10412
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10412 // CNNVD: CNNVD-200405-003 // NVD: CVE-2004-1984

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1984

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200405-003

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200405-003

EXTERNAL IDS

db:	SECTRACK	id:	1010001	Trust: 2.0
db:	NVD	id:	CVE-2004-1984	Trust: 2.0
db:	OSVDB	id:	6497	Trust: 1.7
db:	OSVDB	id:	6499	Trust: 1.7
db:	OSVDB	id:	6500	Trust: 1.7
db:	OSVDB	id:	6495	Trust: 1.7
db:	OSVDB	id:	5756	Trust: 1.7
db:	OSVDB	id:	6498	Trust: 1.7
db:	OSVDB	id:	6496	Trust: 1.7
db:	SECUNIA	id:	11524	Trust: 1.7
db:	XF	id:	16039	Trust: 0.9
db:	CNNVD	id:	CNNVD-200405-003	Trust: 0.7
db:	BUGTRAQ	id:	20040502 [WARAXE-2004-SA#026 - MULTIPLE VULNERABILITIES IN COPPERMINE PHOTO GALLERY FOR PHPNUKE]	Trust: 0.6
db:	BID	id:	90410	Trust: 0.4
db:	VULHUB	id:	VHN-10412	Trust: 0.1

sources: VULHUB: VHN-10412 // BID: 90410 // CNNVD: CNNVD-200405-003 // NVD: CVE-2004-1984

REFERENCES

url:	http://securitytracker.com/id?1010001	Trust: 2.0
url:	http://www.waraxe.us/index.php?modname=sa&id=26	Trust: 1.9
url:	http://www.osvdb.org/5756	Trust: 1.7
url:	http://www.osvdb.org/6495	Trust: 1.7
url:	http://www.osvdb.org/6496	Trust: 1.7
url:	http://www.osvdb.org/6497	Trust: 1.7
url:	http://www.osvdb.org/6498	Trust: 1.7
url:	http://www.osvdb.org/6499	Trust: 1.7
url:	http://www.osvdb.org/6500	Trust: 1.7
url:	http://secunia.com/advisories/11524	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16039	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=108360247732014&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108360247732014&w=2	Trust: 0.9
url:	http://xforce.iss.net/xforce/xfdb/16039	Trust: 0.9
url:	http://marc.info/?l=bugtraq&m=108360247732014&w=2	Trust: 0.1
url:	http://www.waraxe.us/index.php?modname=sa&id=26	Trust: 0.1

sources: VULHUB: VHN-10412 // BID: 90410 // CNNVD: CNNVD-200405-003 // NVD: CVE-2004-1984

CREDITS

Unknown

Trust: 0.3

sources: BID: 90410

SOURCES

db:	VULHUB	id:	VHN-10412
db:	BID	id:	90410
db:	CNNVD	id:	CNNVD-200405-003
db:	NVD	id:	CVE-2004-1984

LAST UPDATE DATE

2024-08-14T13:51:17.294000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10412	date:	2017-07-11T00:00:00
db:	BID	id:	90410	date:	2004-05-02T00:00:00
db:	CNNVD	id:	CNNVD-200405-003	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1984	date:	2017-07-11T01:31:31.530

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10412	date:	2004-05-02T00:00:00
db:	BID	id:	90410	date:	2004-05-02T00:00:00
db:	CNNVD	id:	CNNVD-200405-003	date:	2004-05-02T00:00:00
db:	NVD	id:	CVE-2004-1984	date:	2004-05-02T04:00:00