Vulnerability Name:

CVE-2007-0122 (CCN-31306)

Assigned:2006-01-05
Published:2006-01-05
Updated:2018-10-16
Summary:Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Data Manipulation
References:Source: MISC
Type: UNKNOWN
http://acid-root.new.fr/poc/19070104.txt

Source: CCN
Type: BugTraq Mailing List, Fri Jan 05 2007 - 05:34:11 CST
Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit

Source: CCN
Type: Coppermine Photo Gallery Web site
Coppermine Download Maintenance Release

Source: CCN
Type: Coppermine Forum, 06/29/07 at 10:31:23 AM
Maintenance release cpg1.4.11 (security issue) - upgrade mandatory

Source: MITRE
Type: CNA
CVE-2007-0122

Source: OSVDB
Type: UNKNOWN
35852

Source: OSVDB
Type: UNKNOWN
35853

Source: OSVDB
Type: UNKNOWN
35854

Source: OSVDB
Type: UNKNOWN
35855

Source: OSVDB
Type: UNKNOWN
35856

Source: CCN
Type: SA25846
Coppermine Photo Gallery Two SQL Injection Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25846

Source: SREASON
Type: UNKNOWN
2123

Source: CCN
Type: OSVDB ID: 35852
Coppermine Photo Gallery albmgr.php cat Parameter SQL Injection

Source: CCN
Type: OSVDB ID: 35853
Coppermine Photo Gallery usermgr.php gid Parameter SQL Injection

Source: CCN
Type: OSVDB ID: 35854
Coppermine Photo Gallery db_ecard.php start Parameter SQL Injection

Source: CCN
Type: OSVDB ID: 35855
Coppermine Photo Gallery filename_to_title Function albumid Parameter SQL Injection

Source: CCN
Type: OSVDB ID: 35856
Coppermine Photo Gallery del_titles Function albumid Parameter SQL Injection

Source: BUGTRAQ
Type: UNKNOWN
20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit

Source: BID
Type: Exploit
21894

Source: CCN
Type: BID-21894
Coppermine Photo Gallery Albmgr.PHP SQL Injection Vulnerability

Source: XF
Type: UNKNOWN
coppermine-multiple-scripts-sql-injection(31306)

Source: EXPLOIT-DB
Type: UNKNOWN
3085

Vulnerable Configuration:Configuration 1:
  • cpe:/a:coppermine:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:* (Version <= 1.4.10)

    • * Denotes that component is vulnerable
    BACK
    coppermine coppermine photo gallery 1.0
    coppermine coppermine photo gallery 1.0_rc3
    coppermine coppermine photo gallery 1.1
    coppermine coppermine photo gallery 1.1_beta_2
    coppermine coppermine photo gallery 1.2
    coppermine coppermine photo gallery 1.2.1
    coppermine coppermine photo gallery 1.2.2_b
    coppermine coppermine photo gallery 1.2.2_b-nuke
    coppermine coppermine photo gallery 1.3
    coppermine coppermine photo gallery 1.3.2
    coppermine coppermine photo gallery 1.3.3
    coppermine coppermine photo gallery 1.3.4
    coppermine coppermine photo gallery 1.4.4
    coppermine coppermine photo gallery 1.4.9
    coppermine coppermine photo gallery *