CVE-2007-0122 - SQL Injection vulnerability in Coppermine Photo Gallery Albmgr.PHP
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: SINGLE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL
Summary
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
Vulnerable Configurations
Exploit-Db
- description: Coppermine Photo Gallery 1.x Albmgr.PHP SQL Injection Vulnerability. CVE-2007-0122. Webapps exploit for php platform
- id: EDB-ID:29397
- last seen: 2016-02-03
- modified: 2007-01-05
- published: 2007-01-05
- reporter: DarkFig
- source: https://www.exploit-db.com/download/29397/
- title: Coppermine Photo Gallery 1.x Albmgr.PHP SQL Injection Vulnerability
- id: EDB-ID:3085
References
- http://acid-root.new.fr/poc/19070104.txt
- http://osvdb.org/35852
- http://osvdb.org/35853
- http://osvdb.org/35854
- http://osvdb.org/35855
- http://osvdb.org/35856
- http://secunia.com/advisories/25846
- http://securityreason.com/securityalert/2123
- http://www.securityfocus.com/archive/1/456051/100/0/threaded
- http://www.securityfocus.com/bid/21894
- https://www.exploit-db.com/exploits/3085