CVE-2004-1988

Name of the Vulnerable Software and Affected Versions Coppermine Photo Gallery version 1.2.0 RC4

Description The issue allows remote attackers to execute arbitrary PHP code by modifying the CPG M DIR to reference a URL on a remote web server that contains functions.inc.php. This is a result of a PHP remote file inclusion vulnerability in init.inc.php.

Recommendations For Coppermine Photo Gallery version 1.2.0 RC4, consider restricting access to the init.inc.php file and avoid using the CPG M DIR variable to reference external URLs until a patch is available. As a temporary workaround, restrict the use of the functions.inc.php file to minimize the risk of exploitation.