[原文]Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the phpinfo.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality.
Upgrade to version 1.3beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.