CVE-2007-0122


Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.


Published

2007-01-09T02:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | coppermine | coppermine_photo_gallery | ≤ 1.4.10 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.0 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.0_rc3 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.1 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.1_beta_2 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.2 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.2.1 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.2.2_b | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.2.2_b-nuke | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.3 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.3.2 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.3.3 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.3.4 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.4 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.9 | Yes |

References