CVE-2007-0122
Published: Jan 9, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 35853 | vdb-entry, x_refsource_OSVDB |
| 2123 | third-party-advisory, x_refsource_SREASON |
| 25846 | third-party-advisory, x_refsource_SECUNIA |
| http://acid-root.new.fr/poc/19070104.txt | x_refsource_MISC |
| 3085 | exploit, x_refsource_EXPLOIT-DB |
| 35854 | vdb-entry, x_refsource_OSVDB |
| 35852 | vdb-entry, x_refsource_OSVDB |
| 20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit | mailing-list, x_refsource_BUGTRAQ |
| 21894 | vdb-entry, x_refsource_BID |
| 35856 | vdb-entry, x_refsource_OSVDB |
| 35855 | vdb-entry, x_refsource_OSVDB |