Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1988 — Photo Gallery vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 82.44%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Coppermine Photo Gallery Francisco Burzi Php-nuke

Timeline

PublishedApr 30

Latest updateApr 29

Description

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDcoppermine/coppermine_photo_gallery6 versions+5

▶NVDfrancisco_burzi/php-nuke5 versions+4

🔴Vulnerability Details

GHSA

GHSA-x4g8-q528-mj92: PHP remote file inclusion vulnerability in init↗2022-04-29

▶

CVEList

CVE-2004-1988: PHP remote file inclusion vulnerability in init↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion↗2004-04-30

▶