Directory Traversal Vulnerability in Coppermine Photo Gallery
CVE-2008-3486

Currently unrated

Key Information:

Vendor: Coppermine-gallery
Status: Coppermine Photo Gallery
Vendor: CVE Published:; 6 August 2008

🔔 Create Coppermine-gallery Vulnerability Alert

What is CVE-2008-3486?

A directory traversal vulnerability exists in the user_get_profile function within the include/functions.inc.php file in Coppermine Photo Gallery (CPG) version 1.4.18 and earlier. When the character set is set to utf-8, this flaw permits remote attackers to leverage a crafted request to include and execute arbitrary local files by manipulating the lang parameter in serialized data contained within an _data cookie. This exploitation underscores potential risks to sensitive information and system integrity if proper security measures are not implemented.

References

http://secunia.com/advisories/31295

third-party-advisoryx_refsource_SECUNIA

http://securityreason.com/securityalert/4108

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/30480

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2008
Vulnerability Reserved
Aug 6, 2008

JSON