SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2008-04-16 17:05
Updated : 2023-12-10 10:51
NVD link : CVE-2008-1841
Mitre link : CVE-2008-1841
CVE.ORG link : CVE-2008-1841
JSON object : View
Products Affected
coppermine
- coppermine_photo_gallery
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')