HIGHCVE-2026-3013Published 2026-03-11Modified 2026-03-11CNA CERT-PL

CVE-2026-3013: Path Traversal in Coppermine Photo Gallery

Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow to read content of any file accessible by the the web server process.This issue was fixed in version 1.6.28.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: 1.6.28
Affected Products: 1

Fix available

1.6.28

Affected packages

Coppermine Photo Gallery / Coppermine Photo Gallery
< 1.6.28 (from 1.6.09)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References

cert.pl
github.com

Metrics

Fix available