CVE-2007-0122

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-0122
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://acid-root.new.fr/poc/19070104.txt
http://osvdb.org/35852
http://osvdb.org/35853
http://osvdb.org/35854
http://osvdb.org/35855
http://osvdb.org/35856
http://secunia.com/advisories/25846
http://securityreason.com/securityalert/2123
http://www.securityfocus.com/archive/1/456051/100/0/threaded
http://www.securityfocus.com/bid/21894 Exploit
https://www.exploit-db.com/exploits/3085
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*
History

No history.

Information

Published : 2007-01-09 02:28

Updated : 2023-12-10 10:40

NVD link : CVE-2007-0122

Mitre link : CVE-2007-0122

CVE.ORG link : CVE-2007-0122

JSON object : View

Products Affected

coppermine

  • coppermine_photo_gallery
CWE
NVD-CWE-Other