CVE-2026-3695
SourceCodester Modern Image Gallery App delete.php path traversal
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
| CWE | CWE-22 |
| Vendor | sourcecodester |
| Product | modern image gallery app |
| Published | Mar 8, 2026 |
| Last Updated | Mar 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for sourcecodester modern image gallery app
Be the first to know when new medium vulnerabilities affecting sourcecodester modern image gallery app are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
SourceCodester / Modern Image Gallery App
1.0
References
vuldb.com: https://vuldb.com/?id.349641 vuldb.com: https://vuldb.com/?ctiid.349641 vuldb.com: https://vuldb.com/?submit.765591 gist.github.com: https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218 gist.github.com: https://gist.github.com/hackusman/e618b915514ed24b9333c72152bb7218#-detailed-proof-of-concept-poc sourcecodester.com: https://www.sourcecodester.com/
Credits
Atter Koffi Kallern ๐ hackus_man (VulDB User) hackus_man (VulDB User)