CVE-2007-0122

EPSS 3.0%

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/3085unverified exploitdbwww.exploit-db.com/exploits/29397unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://acid-root.new.fr/poc/19070104.txt http://osvdb.org/35852 http://osvdb.org/35853 http://osvdb.org/35854 http://osvdb.org/35855 http://osvdb.org/35856 http://secunia.com/advisories/25846 http://securityreason.com/securityalert/2123 https://www.exploit-db.com/exploits/3085 http://www.securityfocus.com/archive/1/456051/100/0/threaded http://www.securityfocus.com/bid/21894