CVE-2006-0872 — Path Traversal in Photo Gallery

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

2.5%

top 14.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Coppermine Photo Gallery

Timeline

PublishedFeb 24

Latest updateMay 1

Description

Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcoppermine/coppermine_photo_gallery1.4.3

Patches

Patch: coppermine-gallery.net ↗Patch: coppermine-gallery.net ↗

🔴Vulnerability Details

GHSA

GHSA-j5mr-578q-7xfj: Directory traversal vulnerability in init↗2022-05-01

▶

CVEList

CVE-2006-0872: Directory traversal vulnerability in init↗2006-02-24

▶