Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
SourceCodester Image Gallery: File Deletion Can Be Manipulated Remotely
CVE-2026-3695
Summary
A bug in the SourceCodester Modern Image Gallery App 1.0 makes it possible for an attacker to manipulate file deletion remotely, which could lead to unauthorized access to sensitive files. This vulnerability has been publicly disclosed, so it's essential to update the app to the latest version to prevent potential security risks. Update the app as soon as possible to protect your system.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| remyandrade | modern_image_gallery_app | 1.0 | – |
Original title
A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path trav...
Original description
A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
6.4
nvd CVSS3.1
6.5
nvd CVSS4.0
6.9
Vulnerability type
CWE-22
Path Traversal
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026