Vulnerabilities > CVE-2007-1107 - SQL Injection vulnerability in Coppermine Photo Gallery ThumbNails.PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description Coppermine Photo Gallery 1.3.x Remote Blind SQL Injection Exploit. CVE-2007-1107. Webapps exploit for php platform file exploits/php/webapps/3371.php id EDB-ID:3371 last seen 2016-01-31 modified 2007-02-24 platform php port published 2007-02-24 reporter s0cratex source https://www.exploit-db.com/download/3371/ title Coppermine Photo Gallery 1.3.x - Remote Blind SQL Injection Exploit type webapps id EDB-ID:4950 id EDB-ID:4961
References
- http://osvdb.org/33133
- http://securityreason.com/securityalert/2297
- http://www.securityfocus.com/archive/1/461158/100/0/threaded
- http://www.securityfocus.com/bid/22709
- http://www.securityfocus.com/bid/27372
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32688
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39806
- https://www.exploit-db.com/exploits/3371
- https://www.exploit-db.com/exploits/4950
- https://www.exploit-db.com/exploits/4961