Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1909Path Traversal in Photo Gallery

5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
5.2%
top 10.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Coppermine Photo Gallery
Timeline
PublishedApr 20
Latest updateMay 1

Description

Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8jfp-977g-xf4r: Directory traversal vulnerability in index2022-05-01
CVEList
CVE-2006-1909: Directory traversal vulnerability in index2006-04-20

💥Exploits & PoCs

1
Exploit-DB
Coppermine 1.4.4 - 'index.php' Local File Inclusion2006-04-17

💬Community

1
Bugzilla
CVE-2005-0605 libxpm buffer overflow2008-01-28
CVE-2006-1909 — Path Traversal in Photo Gallery | cvebase