Description
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by anonymous · textwebappsphp
https://www.exploit-db.com/exploits/29568
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22409
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24019
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/33094
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32233
Scores
EPSS
0.0298
EPSS Percentile
86.7%
Details
Status
published
Products (1)
coppermine/coppermine_photo_gallery
< 1.4.10
Published
Feb 08, 2007
Tracked Since
Feb 18, 2026