Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4976 — Path Traversal in Photo Gallery

CWE-22 — Path Traversal4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

16.7%

top 5.06%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Coppermine Photo Gallery

Timeline

PublishedSep 19

Latest updateMay 1

Description

Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcoppermine/coppermine_photo_gallery7 versions+6

Patches

Patch: coppermine-gallery.net ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-vx7f-xx2w-qxj7: Directory traversal vulnerability in viewlog↗2022-05-01

▶

CVEList

CVE-2007-4976: Directory traversal vulnerability in viewlog↗2007-09-19

▶

💥Exploits & PoCs

Exploit-DB

Coppermine Photo Gallery 1.4.12 - 'log' Local File Inclusion↗2007-09-17

▶