EIP-2026-106166

PRE-CVE

Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106166. PoCs published by StAkeR.

AI-analyzed exploit summary This exploit leverages a BBCode IMG tag injection vulnerability in Coppermine Photo Gallery to escalate privileges. The attacker crafts a malicious IMG tag containing a URL that, when viewed by an admin, changes the attacker's user group to admin.

Description

Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege Escalation

Exploits (1)

exploitdb WORKING POC VERIFIED

by StAkeR · textwebappsphp

https://www.exploit-db.com/exploits/8114

View Code ZIP pw:eip

This exploit leverages a BBCode IMG tag injection vulnerability in Coppermine Photo Gallery to escalate privileges. The attacker crafts a malicious IMG tag containing a URL that, when viewed by an admin, changes the attacker's user group to admin.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Coppermine Photo Gallery <= 1.4.20

Auth required

Prerequisites: Valid user account · Admin interaction required

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026