CVE-2008-3486
NONE EPSS 92.7%
Published Aug 6, 200817y ago · Modified Jun 16, 20262w ago
Published Aug 6, 2008 17y ago
Last Modified Jun 16, 2026 2w ago
Description
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
Threat Intelligence
EPSS Exploit Probability
92.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 31
| Vendor | Product | Version | Range |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | * | ≤1.4.18 |
| coppermine-gallery | coppermine_photo_gallery | 1.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.1.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.2.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.3.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.0 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.1 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.2 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.3 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.4 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.5 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.6 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.7 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.8 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.9 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.10 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.11 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.12 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.13 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.14 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.15 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.16 | any |
| coppermine-gallery | coppermine_photo_gallery | 1.4.17 | any |
References 5
- secunia.com http://secunia.com/advisories/31295
- securityreason.com http://securityreason.com/securityalert/4108
- securityfocus.com http://www.securityfocus.com/bid/30480
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/44133
- exploit-db.com https://www.exploit-db.com/exploits/6178
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.