CVE-2004-1986

Name of the Vulnerable Software and Affected Versions Coppermine Photo Gallery versions 1.2.0 RC4 through 1.2.2b

Description The issue allows remote attackers with administrative privileges to read arbitrary files. This is achieved by exploiting a directory traversal vulnerability in the modules.php file, specifically by using a .. (dot dot) in the startdir parameter.

Recommendations For Coppermine Photo Gallery versions 1.2.0 RC4 through 1.2.2b, consider restricting access to the modules.php file or avoid using the startdir parameter until a fix is available. As a temporary workaround, restrict administrative privileges to minimize the risk of exploitation.