CVE-2007-0122

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://acid-root.new.fr/poc/19070104.txt
http://osvdb.org/35852
http://osvdb.org/35853
http://osvdb.org/35854
http://osvdb.org/35855
http://osvdb.org/35856
http://secunia.com/advisories/25846
http://securityreason.com/securityalert/2123
http://www.securityfocus.com/archive/1/456051/100/0/threaded
http://www.securityfocus.com/bid/21894	Exploit
https://www.exploit-db.com/exploits/3085
http://acid-root.new.fr/poc/19070104.txt
http://osvdb.org/35852
http://osvdb.org/35853
http://osvdb.org/35854
http://osvdb.org/35855
http://osvdb.org/35856
http://secunia.com/advisories/25846
http://securityreason.com/securityalert/2123
http://www.securityfocus.com/archive/1/456051/100/0/threaded
http://www.securityfocus.com/bid/21894	Exploit
https://www.exploit-db.com/exploits/3085

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:coppermine:coppermine_photo_gallery::::::::
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.4:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:::::::*
	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:::::::*

History

21 Nov 2024, 00:25

Type	Values Removed	Values Added
References	~~() http://acid-root.new.fr/poc/19070104.txt -~~	() http://acid-root.new.fr/poc/19070104.txt -
References	~~() http://osvdb.org/35852 -~~	() http://osvdb.org/35852 -
References	~~() http://osvdb.org/35853 -~~	() http://osvdb.org/35853 -
References	~~() http://osvdb.org/35854 -~~	() http://osvdb.org/35854 -
References	~~() http://osvdb.org/35855 -~~	() http://osvdb.org/35855 -
References	~~() http://osvdb.org/35856 -~~	() http://osvdb.org/35856 -
References	~~() http://secunia.com/advisories/25846 -~~	() http://secunia.com/advisories/25846 -
References	~~() http://securityreason.com/securityalert/2123 -~~	() http://securityreason.com/securityalert/2123 -
References	~~() http://www.securityfocus.com/archive/1/456051/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/456051/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/21894 - Exploit~~	() http://www.securityfocus.com/bid/21894 - Exploit
References	~~() https://www.exploit-db.com/exploits/3085 -~~	() https://www.exploit-db.com/exploits/3085 -

Information

Published : 2007-01-09 02:28

Updated : 2024-11-21 00:25

NVD link : CVE-2007-0122

Mitre link : CVE-2007-0122

CVE.ORG link : CVE-2007-0122

JSON object : View

Products Affected

coppermine

coppermine_photo_gallery

CWE

NVD-CWE-Other

6.5 /10