Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Coppermine Photo Gallery allows unauthorized access to server files
CVE-2026-3013
Summary
If you're using Coppermine Photo Gallery versions 1.6.09 to 1.6.27, an attacker could potentially access and read any file on your server. This is a significant security risk, as it could allow the attacker to steal sensitive information or disrupt your website. To fix this issue, update to version 1.6.28 or later.
Original title
Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allo...
Original description
Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow to read content of any file accessible by the the web server process.This issue was fixed in version 1.6.28.
nvd CVSS4.0
8.7
Vulnerability type
CWE-22
Path Traversal
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026