Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-08-06T17:05:00
Updated: 2017-09-28T12:57:01
Reserved: 2008-08-06T00:00:00
Link: CVE-2008-3486
JSON object: View
NVD Information
Status : Modified
Published: 2008-08-06T17:41:00.000
Modified: 2017-09-29T01:31:42.773
Link: CVE-2008-3486
JSON object: View
Redhat Information
No data.
CWE