CVE-2007-0122

Published: 09/01/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and previous versions allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

Vulnerable Product

coppermine coppermine photo gallery 1.1_beta_2

coppermine coppermine photo gallery 1.0

coppermine coppermine photo gallery 1.2.2_b-nuke

coppermine coppermine photo gallery 1.3

coppermine coppermine photo gallery 1.2.1

coppermine coppermine photo gallery 1.2.2_b

coppermine coppermine photo gallery 1.4.9

coppermine coppermine photo gallery

coppermine coppermine photo gallery 1.2

coppermine coppermine photo gallery 1.3.4

coppermine coppermine photo gallery 1.4.4

coppermine coppermine photo gallery 1.0_rc3

coppermine coppermine photo gallery 1.1

coppermine coppermine photo gallery 1.3.2

coppermine coppermine photo gallery 1.3.3

Exploits

source: www.securityfocus.com/bid/21894/info

Coppermine Photo Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabiliti ...