Vulnerability CVE-2007-0122


Published: 2007-01-08   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

See advisories in our WLB2 database:
Topic: [Med.] Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit
Author: DarkFig
Date: 10.01.2007

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
Affected software
Coppermine -> Coppermine photo gallery 

 References:
http://acid-root.new.fr/poc/19070104.txt
http://securityreason.com/securityalert/2123
http://www.securityfocus.com/archive/1/456051/100/0/threaded
http://www.securityfocus.com/bid/21894
https://www.exploit-db.com/exploits/3085

Copyright 2021, cxsecurity.com
