QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-3486

Back to search

CVE-2008-3486

Published: Aug 6, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.

VendorProductVersions

n/a

n/a

affected
n/a

References

31295
third-party-advisory
x_refsource_SECUNIA
4108
third-party-advisory
x_refsource_SREASON
30480
vdb-entry
x_refsource_BID
6178
exploit
x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now