SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
2008-04-16T17:05:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | coppermine | coppermine_photo_gallery | ≤ 1.4.16 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.1 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.2 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.3 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.4 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.5 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.6 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.7 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.8 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.9 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.10 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.11 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.12 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.13 | Yes |
| Application | coppermine | coppermine_photo_gallery | 1.4.14 | Yes |