CVE-2004-1989

Coppermine Photo Gallery <1.2.2b - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1989. PoCs published by Janek Vind.

AI-analyzed exploit summary The provided text describes multiple input-validation vulnerabilities in Coppermine Photo Gallery, which may lead to arbitrary command execution, directory traversal, and file inclusion. It includes example URLs demonstrating the vulnerability but lacks executable exploit code.

Description

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/24075

The provided text describes multiple input-validation vulnerabilities in Coppermine Photo Gallery, which may lead to arbitrary command execution, directory traversal, and file inclusion. It includes example URLs demonstrating the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Coppermine Photo Gallery (version not specified)
No auth needed
Prerequisites: Access to the vulnerable Coppermine Photo Gallery instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108360247732014&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/5912
Exploit, Vendor Advisory x_refsource_misc
http://www.waraxe.us/index.php?modname=sa&id=26
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1010001
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16041
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10253
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11524

Scores

EPSS 0.0933
EPSS Percentile 94.7%

Details

Status published
Products (11)
coppermine/coppermine_photo_gallery 1.0_rc3
coppermine/coppermine_photo_gallery 1.1_.0
coppermine/coppermine_photo_gallery 1.1_beta_2
coppermine/coppermine_photo_gallery 1.2
coppermine/coppermine_photo_gallery 1.2.1
coppermine/coppermine_photo_gallery 1.2.2_b
francisco_burzi/php-nuke 6.9
francisco_burzi/php-nuke 7.0
francisco_burzi/php-nuke 7.0_final
francisco_burzi/php-nuke 7.1
... and 1 more
Published Apr 30, 2004
Tracked Since Feb 18, 2026