CVE-2006-1909

Name of the Vulnerable Software and Affected Versions Coppermine version 1.4.4

Description The issue allows remote attackers to read arbitrary files via a modified dot dot slash in the file parameter. This is due to a directory traversal vulnerability in index.php, which causes a regular expression to collapse the sequences into standard "../" sequences.

Recommendations For Coppermine version 1.4.4, consider restricting access to the file parameter in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the file parameter with untrusted input until a patch is available.