CVE-2004-1985

Coppermine Photo Gallery 1.2.2b - Cross-Site Scripting via CPG_URL Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1985. PoCs published by Janek Vind.

AI-analyzed exploit summary The provided text describes a vulnerability in Coppermine Photo Gallery (CVE-2004-1985) involving input-validation issues leading to XSS and potential command execution. It includes a sample XSS payload but lacks executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/24072

The provided text describes a vulnerability in Coppermine Photo Gallery (CVE-2004-1985) involving input-validation issues leading to XSS and potential command execution. It includes a sample XSS payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Coppermine Photo Gallery (version not specified)
No auth needed
Prerequisites: Access to a vulnerable Coppermine Photo Gallery instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108360247732014&w=2
Various Sources x_refsource_misc
http://www.waraxe.us/index.php?modname=sa&id=26
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16040
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/5757
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10253
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11524

Scores

EPSS 0.0391
EPSS Percentile 88.9%

Details

Status published
Products (11)
coppermine/coppermine_photo_gallery 1.0_rc3
coppermine/coppermine_photo_gallery 1.1_.0
coppermine/coppermine_photo_gallery 1.1_beta_2
coppermine/coppermine_photo_gallery 1.2
coppermine/coppermine_photo_gallery 1.2.1
coppermine/coppermine_photo_gallery 1.2.2_b
francisco_burzi/php-nuke 6.9
francisco_burzi/php-nuke 7.0
francisco_burzi/php-nuke 7.0_final
francisco_burzi/php-nuke 7.1
... and 1 more
Published Apr 30, 2004
Tracked Since Feb 18, 2026