A path traversal vulnerability (CVE-2026-3013) has been found in the Coppermine Photo Gallery software.
# Vulnerability: Path Traversal in Coppermine Photo Gallery
## CVE Details
- **CVE ID**: CVE-2026-3013
- **CVSS Score**: Not given in the source. An unauthenticated, remote read of arbitrary files accessible to the web server account would normally rate High; treat that as an estimate, not a vendor or NVD score.
- **CWE**: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
## Affected Systems
- **Products**: Coppermine Photo Gallery
- **Versions**: From 1.6.09 to 1.6.27
- **Configurations**: Default installations. The affected endpoint is reachable without authentication, so an attacker needs no account on the gallery.
## Vulnerability Description
A path traversal flaw exists in the software's handling of a user-supplied file path at an endpoint the source does not name. An unauthenticated remote attacker can supply a path containing directory traversal sequences (`../`, including percent-encoded forms such as `..%2f`) that the application does not neutralise before using it on the filesystem. This lets the attacker escape the intended directory and read any file the web server process (e.g. `www-data` or `apache`) can open, which on a typical deployment includes the application's own configuration (`include/config.inc.php`, holding the database credentials), application source code, and world-readable system files such as `/etc/passwd`.
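To make the CWE-22 pattern concrete, here is an added Python illustration (not Coppermine's code; the source does not show the vulnerable endpoint or its fix). It builds a small constructed directory tree, shows how a naive join of an untrusted path escapes the served directory, and contrasts it with a canonicalise-then-check version. The tree, file names and the `ALBUMS` base directory are assumptions for the demo.

```python
import os
import tempfile
from urllib.parse import unquote

# Constructed demo tree (a stand-in, not a real Coppermine install):
#   <root>/albums/cat.jpg           the file the gallery is meant to serve
#   <root>/include/config.inc.php   sensitive file outside the served directory
ROOT = tempfile.mkdtemp(prefix="traversal-demo-")
ALBUMS = os.path.join(ROOT, "albums")
os.makedirs(ALBUMS)
os.makedirs(os.path.join(ROOT, "include"))
with open(os.path.join(ALBUMS, "cat.jpg"), "wb") as f:
    f.write(b"\xff\xd8 not really a jpeg")
with open(os.path.join(ROOT, "include", "config.inc.php"), "w") as f:
    f.write("<?php $CONFIG['dbpass'] = 'demo-secret';\n")


def read_vulnerable(user_path: str) -> bytes:
    """CWE-22 pattern: percent-decode an untrusted path, join it under the
    base directory and open it.  os.path.join neither strips '..' components
    nor rejects an absolute input, so '../include/config.inc.php' (or its
    encoded form '..%2finclude%2fconfig.inc.php') escapes ALBUMS."""
    with open(os.path.join(ALBUMS, unquote(user_path)), "rb") as f:
        return f.read()


def is_within_base(user_path: str, base: str = ALBUMS) -> bool:
    """Canonicalise the candidate (resolving '..', symlinks and absolute
    inputs) and require it to be the base directory or a descendant of it.
    commonpath, unlike a plain startswith check, does not accept a sibling
    such as '<root>/albums2'."""
    base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base, unquote(user_path)))
    return os.path.commonpath([base, candidate]) == base


def read_hardened(user_path: str) -> bytes:
    """Same read, but refused unless the resolved path stays under ALBUMS."""
    if not is_within_base(user_path):
        raise PermissionError(f"refusing path outside albums/: {user_path!r}")
    resolved = os.path.realpath(os.path.join(ALBUMS, unquote(user_path)))
    with open(resolved, "rb") as f:
        return f.read()


if __name__ == "__main__":
    print(read_vulnerable("../include/config.inc.php"))  # leaks the config
    try:
        read_hardened("..%2finclude%2fconfig.inc.php")
    except PermissionError as e:
        print("blocked:", e)
```

The check has to run on the canonical path, after decoding and after resolving `..` and symlinks; filtering the raw string for `../` is what encoded variants are designed to slip past.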
## Exploitation
- **Status**: Reported through CERT Polska's Coordinated Vulnerability Disclosure (CVD) process; the source does not mention exploitation in the wild.
- **Complexity**: Low
- **Attack Vector**: Network (Remote)
## Impact
- **Confidentiality**: High (Ability to read sensitive system files, configuration files, and application source code).
- **Integrity**: Low/None. The source describes a read-only flaw; note, however, that credentials read from configuration files can enable follow-on access that is outside this vulnerability's own impact.
- **Availability**: Low/None.
## Remediation
### Patches
- Update Coppermine Photo Gallery to **version 1.6.28** or later.
### Workarounds
- No specific workarounds are provided in the source. Until the patch is applied, the usual emergency measures are restricting network access to the gallery (e.g. to trusted addresses) or filtering traversal patterns at a Web Application Firewall (`../`, `..\`, `..%2f`). Treat the WAF option as a stopgap only: a filter that decodes once misses double-encoded forms such as `%252e%252e%252f`, and a filter on the raw string misses anything the application decodes itself. If the flaw is believed to have been exploited, assume `include/config.inc.php` was read and rotate the database credentials it contains.
## Detection
- **Indicators of Compromise**: Review web server access logs for requests containing directory traversal sequences (`../`, `..\`) or their percent-encoded forms, and for requests that reference sensitive files such as `/etc/passwd` or `include/config.inc.php`. Percent-decode the request target before matching, otherwise `..%2f` and `%252e%252e` are missed. A `200` response to such a request indicates the read likely succeeded; a `403`/`404` indicates an attempt.
- **Detection methods and tools**: Vulnerability scanners that check the installed Coppermine version against the affected range (1.6.09 to 1.6.27), and log analysis tooling searching for CWE-22 patterns specific to the Coppermine directory structure.
## References
- **CERT Polska Advisory** (reporting CVD coordinator, not the vendor): hxxps[://]cert[.]pl/en/posts/2026/03/vulnerability-in-coppermine-photo-gallery/
- **CVE Record**: hxxps[://]www[.]cve[.]org/CVERecord?id=CVE-2026-3013
- **CVD Policy**: hxxps[://]cert[.]pl/en/cvd/