CVE-2026-3695

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.4 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218	Exploit Third Party Advisory
https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218#-detailed-proof-of-concept-poc	Exploit Third Party Advisory
https://vuldb.com/?ctiid.349641	Permissions Required VDB Entry
https://vuldb.com/?id.349641	Third Party Advisory VDB Entry
https://vuldb.com/?submit.765591	Third Party Advisory VDB Entry
https://www.sourcecodester.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:remyandrade:modern_image_gallery_app:1.0:*:*:*:*:*:*:*

History

09 Mar 2026, 16:36

Type	Values Removed	Values Added
References	~~() https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218 -~~	() https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218 - Exploit, Third Party Advisory
References	~~() https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218#-detailed-proof-of-concept-poc -~~	() https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218#-detailed-proof-of-concept-poc - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.349641 -~~	() https://vuldb.com/?ctiid.349641 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.349641 -~~	() https://vuldb.com/?id.349641 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.765591 -~~	() https://vuldb.com/?submit.765591 - Third Party Advisory, VDB Entry
References	~~() https://www.sourcecodester.com/ -~~	() https://www.sourcecodester.com/ - Product
Summary		(es) Una vulnerabilidad ha sido encontrada en SourceCodester Modern Image Gallery App 1.0. Afecta a una función desconocida del archivo /delete.php. Dicha manipulación del argumento filename conduce a salto de ruta. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.
CPE		cpe:2.3:a:remyandrade:modern_image_gallery_app:1.0:::::::*
First Time		Remyandrade Remyandrade modern Image Gallery App

08 Mar 2026, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-08 01:15

Updated : 2026-03-09 16:36

NVD link : CVE-2026-3695

Mitre link : CVE-2026-3695

CVE.ORG link : CVE-2026-3695

JSON object : View

Products Affected

remyandrade

modern_image_gallery_app

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2026-3695

6.5^/10

6.4^/10

Attach tags to `CVE-2026-3695`