CVE-2007-0122

Published Jan 9, 2007

Last updated 6 years ago

CVSS info 6.5

Overview

Description: Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E1F67DD-8ED5-4E97-9EBE-3EDC01DE60BB",
            "versionEndIncluding": "1.4.10"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B04BAAEE-4047-47BE-AB93-3B3C923EF78F"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "304B545E-1B2D-4794-B007-9562C027469D"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C635ED6-287F-426A-B19A-B92FB8A5CC3F"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB182E1B-9E32-46CA-9B49-5029107955D5"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFF90F7F-070C-4ABE-8F94-7192F18B1A9D"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91D223FD-D53B-45DA-AB15-B446ADA7B0A6"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420"
          },
          {
            "criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References