Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1989 — Photo Gallery vulnerability

5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 82.44%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Coppermine Photo Gallery Francisco Burzi Php-nuke

Timeline

PublishedApr 30

Latest updateApr 29

Description

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDcoppermine/coppermine_photo_gallery6 versions+5

▶NVDfrancisco_burzi/php-nuke5 versions+4

🔴Vulnerability Details

GHSA

GHSA-ph59-qghm-32cp: PHP remote file inclusion vulnerability in theme↗2022-04-29

▶

CVEList

CVE-2004-1989: PHP remote file inclusion vulnerability in theme↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion↗2004-04-30

▶

Exploit-DB

RobotFTP Server 1.0/2.0 - 'Username' Buffer Overflow (1)↗2004-02-16

▶