Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1986 — Path Equivalence: 'filename.' (Trailing Dot) in Photo Gallery

CWE-42 — Path Equivalence: 'filename.' (Trailing Dot)5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 70.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Coppermine Photo Gallery Francisco Burzi Php-nuke

Timeline

PublishedApr 4

Latest updateApr 29

Description

Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDcoppermine/coppermine_photo_gallery6 versions+5

▶NVDfrancisco_burzi/php-nuke5 versions+4

🔴Vulnerability Details

GHSA

GHSA-mppw-43vf-5v6h: Directory traversal vulnerability in modules↗2022-04-29

▶

CVEList

CVE-2004-1986: Directory traversal vulnerability in modules↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File Access↗2004-04-30

▶

📐Framework References

CWE

Path Equivalence: 'filename.' (Trailing Dot)↗

▶