Vulnerabilities > CVE-2007-3558 - SQL Injection vulnerability in Coppermine Photo Gallery Album Password Cookie
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Coppermine Photo Gallery <= 1.4.10 Remote SQL Injection Exploit. CVE-2007-3558. Webapps exploit for php platform |
| id | EDB-ID:3085 |
| last seen | 2016-01-31 |
| modified | 2007-01-05 |
| published | 2007-01-05 |
| reporter | DarkFig |
| source | https://www.exploit-db.com/download/3085/ |
| title | Coppermine Photo Gallery <= 1.4.10 - Remote SQL Injection Exploit |
Nessus
| NASL family | CGI abuses |
| NASL id | COPPERMINE_ALBPW_SQL_INJECTION.NASL |
| description | The version of Coppermine installed on the remote host fails to sanitize user-supplied input to the album password cookie before using it in a database query in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 31137 |
| published | 2008-02-25 |
| reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/31137 |
| title | Coppermine Photo Gallery album Password Cookie SQL Injection |