Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote malicious users to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
coppermine coppermine photo gallery 1.4.4 |