Vulnerability Name: | CVE-2007-3558 (CCN-35486) | ||||||||
Assigned: | 2007-06-29 | ||||||||
Published: | 2007-06-29 | ||||||||
Updated: | 2008-09-05 | ||||||||
Summary: | SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||
References: | Source: CCN Type: Coppermine Forum, June 29, 2007, 10:31:23 AM Maintenance release cpg1.4.11 (security issue) - upgrade mandatory Source: CONFIRM Type: Patch http://coppermine-gallery.net/forum/index.php?topic=44845.0 Source: MITRE Type: CNA CVE-2007-3558 Source: CCN Type: SA25846 Coppermine Photo Gallery Two SQL Injection Vulnerabilities Source: SECUNIA Type: Vendor Advisory 25846 Source: CCN Type: SourceForge.net Coppermine Photo Gallery Source: CCN Type: OSVDB ID: 37064 Coppermine Photo Gallery album Password Cookie SQL Injection Source: CCN Type: OSVDB ID: 37065 Coppermine Photo Gallery albmgr.php cat Parameter SQL Injection Source: BID Type: Patch 24710 Source: CCN Type: BID-24710 Coppermine Photo Gallery Album Password Cookie SQL Injection Vulnerability Source: XF Type: UNKNOWN coppermine-album-sql-injection(35486) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |