CVE-2008-3486

NONE EPSS 92.7%
Published Aug 6, 200817y ago · Modified Jun 16, 20262w ago
Find Similar
Published Aug 6, 2008 17y ago
Last Modified Jun 16, 2026 2w ago

Description

Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.

Threat Intelligence

EPSS Exploit Probability
92.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 31

VendorProductVersionRange
coppermine-gallerycoppermine_photo_gallery* ≤1.4.18
coppermine-gallerycoppermine_photo_gallery1.0any
coppermine-gallerycoppermine_photo_gallery1.0any
coppermine-gallerycoppermine_photo_gallery1.1any
coppermine-gallerycoppermine_photo_gallery1.1any
coppermine-gallerycoppermine_photo_gallery1.1.0any
coppermine-gallerycoppermine_photo_gallery1.2.0any
coppermine-gallerycoppermine_photo_gallery1.2.0any
coppermine-gallerycoppermine_photo_gallery1.2.1any
coppermine-gallerycoppermine_photo_gallery1.2.1any
coppermine-gallerycoppermine_photo_gallery1.2.1any
coppermine-gallerycoppermine_photo_gallery1.3.0any
coppermine-gallerycoppermine_photo_gallery1.4any
coppermine-gallerycoppermine_photo_gallery1.4.0any
coppermine-gallerycoppermine_photo_gallery1.4.1any
coppermine-gallerycoppermine_photo_gallery1.4.2any
coppermine-gallerycoppermine_photo_gallery1.4.3any
coppermine-gallerycoppermine_photo_gallery1.4.4any
coppermine-gallerycoppermine_photo_gallery1.4.5any
coppermine-gallerycoppermine_photo_gallery1.4.6any
coppermine-gallerycoppermine_photo_gallery1.4.7any
coppermine-gallerycoppermine_photo_gallery1.4.8any
coppermine-gallerycoppermine_photo_gallery1.4.9any
coppermine-gallerycoppermine_photo_gallery1.4.10any
coppermine-gallerycoppermine_photo_gallery1.4.11any
coppermine-gallerycoppermine_photo_gallery1.4.12any
coppermine-gallerycoppermine_photo_gallery1.4.13any
coppermine-gallerycoppermine_photo_gallery1.4.14any
coppermine-gallerycoppermine_photo_gallery1.4.15any
coppermine-gallerycoppermine_photo_gallery1.4.16any
coppermine-gallerycoppermine_photo_gallery1.4.17any

References 5

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.